Locking  down  Linux 

Security,  regulatory  compliance  and  intellectual  property 
law  were  all  hot  topics  at  last  week's  LinuxWorld  in 
Boston  PAGE  8. 


Clear  Choice  Test 
Wireless  multimedia 

Ruckus  Wireless  offers  a  MIMO-like 
multimedia  access  point.  PAGE  52. 


Share  and  SharePoint  alike 

Microsoft  is  making  its  ShareFbint  server  the  founda¬ 
tion  for  sharing  all  the  document  types  produced  by 
Office  desktop  applications.  PAGE  29. 
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Secret  security  weapon 

Vendors  turn  to  OPSWAT  to  better  their  products. 


BY  ELLEN  MESSMER 

There  are  dozens  of 
brands  of  anti¬ 
virus,  anti-spyware, 
desktop  firewall  and 
VPN  products,  and 
Benny  Czarny  has 
made  it  his  business  to 
know  them  all  inside 
and  out. 

Eight  other  engineers 
at  OPSWAT,  the  San 
Francisco  company  that 
Czarny  founded  in 

2002,  do  the  same.  Why?  So  that  other  IT  companies,  now  gung- 
ho  on  the  concept  of  checking  for  anti-virus,  anti-spyware, VPN 
or  patch  updates  before  allowing  network  access,  can  spare 
themselves  the  time-consuming  task  of  keeping  up  with  all  the 

See  OPSWAT,  page  60 


Cisco,  Juniper  pry 
open  WAN  links 


BY  TIM  GREENE  AND  DENISE  DUBIE 

Rivals  Cisco  and  Juniper  are  set  to  announce  prod¬ 
ucts  that  could  bolster  the  speed  and  efficiency  of 
corporate  wide-area  connections. 

While  not  going  toe-to-toe  with  their  new  prod¬ 
ucts,  both  companies  are  addressing  problems  that 
arise  when  corporations  consolidate  their  servers, 
forcing  more  traffic  to  traverse  a  WAN  to  centralized 
data  centers. 

Until  recently,  corporate  IT  customers  accepted 
buying  individual  boxes  for  server  load-balancing, 
security  such  as  SSL  offloading  and  firewall  capabili¬ 
ties.  But  with  resistance  to  rolling  out  niche  boxes 
growing,  vendors  such  as  Cisco  are  looking  to  con¬ 
solidate  features. 

The  company  this  week  is  expected  to  announce  a 


multifunction  blade  for  its  Catalyst  6500  switches  that 
promises  to  speed  and  secure  application  traffic. 

Separately  Juniper  plans  to  announce  software  at 
May’s  Interop  conference  that  will  let  carriers  manage 
Juniper  WAN-acceleration  boxes  as  part  of  customer 
services  that  could 

let  businesses  put  I  Cisco's  termination  of  its 
off  buying  larger,  venerable  2600  router  plat- 

more  expensive  form  isn't  catching  users  by 

WAN  connections.  surprise.  Page  12 

Cisco’s  Applica¬ 
tion  Control  Engine  (ACE)  is  a  blade  that  slides  into 
its  Catalyst  6500  switches  and  performs  several  func¬ 
tions  typically  handled  by  load  balancers,  compres¬ 
sion  devices  and  application-acceleration  devices, 

See  WAN,  page  12 


Storage  virtualization 
off  to  a  slow  start 

BY  DENI  CONNOR 

SAN  DIEGO  —  Three  years’ 
worth  of  market  hype  hasn’t  been 
able  to  overcome  this  apparent 
truth  about  multivendor  storage 
virtualization:Virtually  no  one  is 
doing  it. 

At  Storage  Networking  World  in 
San  Diego  last  week,  customers 
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and  industry  analysts  said  there 
are  a  number  of  reasons  network 
executives  aren’t  rushing  out  to 
buy  intelligent  Fibre  Channel 
switches  or  appliances  that  virtu¬ 
alize  or  pool  the  storage  resources 
on  arrays  from  different  vendors. 

“Heterogeneous  —  that’s  a  good 
See  Virtualization,  page  14 


NOAH  Z  JONES 


Start-up 
touts  ‘search 
unplugged’ 

Search  the  Web  from  your 
laptop  or  handheld  —  without 
an  Internet  connection  of  any 
kind? 

This  seem¬ 
ing  impossi¬ 
bility  is  what 
a  Bellevue, 
Wash., 
start-up 
called  Web- 
aroo  has  set 
out  to  realize  —  the  company 
calls  it  “search  unplugged”  — 
and  even  company  President 
Brad  Husick  concedes  that  he 
found  the  idea  crazy  at  first. 

See  Net  Buzz,  page  61 


NETBUZZ 


Paul  McNamara 


.INFRASTRUCTURE  LOG 

_DAY  49:  Things  are  out  of  control.  Our  system’s  just 
not  secure,  flexible  or  reliable  enough.  Gil  bought 
some  “infrastructure  bloodhounds”  online.  He  says  they 
can  sniff  out  any  problem. 

_DAY  50:  Bloodhounds  aren’t  as  good  at  sniffing  out 
network  problems  as  they  are  at  chewing  Ethernet  cables. 

_DAY  52:  I’ve  got  it:  IBM  Tivoli  Express  middleware. 

It’s  a  series  of  I.T.  management  solutions  designed 
and  priced  for  mid-sized  businesses  like  us.  It’s  secure, 
boosts  uptime,  and  protects  our  data  with  automated 
backups.  Our  IBM  Business  Partner  even  customized  and 
implemented  it  for  us. 

.Remind  Gil:  dog  hair  and  computers,  very  bad  combo. 


Get  the  Guide  to  simple,  fast,  secure  I.T.  Management  at: 

IBM.COM/TAKEBACKCONTROL/SIMPLE 
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DEFINE  YOUR  OPEN  ENTERPRISE’ 


In  my  Open  Enterprise,  productivity  is 
up  because  workgroup  solutions  actually 
work  the  way  groups  want  them  to. 


People  are  more  productive  when  they  have  the  tools  and  support 
they  need  to  work  more  efficiently.  Workgroup  solutions  from 
Novell®  unite  infrastructure,  services  and  tools  with  unmatched 
security  and  reliability.  Regardless  of  location  or  device.  Our 
full  suite  of  networking,  communication  and  collaboration 
services  support  more  users  on  a  single  server,  simplifying 
administration  and  significantly  reducing  costs.  So  you 
can  communicate  and  collaborate  the  way  you  want, 
wherever  you  want — for  a  lot  less  than  you’d  think. 


Workgroup  solutions  from  Novell. 

This  is  the  way  to  connect  your  Open  Enterprise. 


Novell 


This  is  Your  Open  Enterprise." 

www.novell.com/connect 


Copytigfcl  i  2006  Now!!,  Inc  All  Ri(|IHs  Reserved  Novell,  the  Novell  logo  and  GroupWise  are  registered  trademarks, 
This  is  Your  Open  Enferpri se  and  Oelirte  your  Open  Enterprise  are  trademarks  ol  Novell.  Inc.  In  the  United  States  and 
othei  countries.  All  thitd  party  trademarks  are  the  property  ol  their  respective  owners. 
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News 

8  Users  at  LinuxWorld  talk  up  security. 

8  Microsoft  patch  causes  users  pain. 

10  Cellular,  Wi-Fi  convergence  on  display 
12  Cisco  pulling  plug  on  three  router  lines, 

14  Carrier  consolidation  pushed  Alcatel/Lucent  deal. 
16  Microsoft  executive  warns  of  rootkits. 


Net  Infrastructure 

19  All  eyes  on  Alcatel-Lucent 
merger. 

19  Symantec  tunes  up  its  I M 
monitoring. 

22  Mike  Rothman:  Xenophobia  is 
bad  for  the  security  business. 

Enterprise  Computing 

25  Nokia  eyes  corporate  mobility. 
25  EMC  software  archives  e-mail 
and  more. 

27  Microsoft  announces 
virtualization  freebie. 

Application  Services 

29  Microsoft  revamps  SharePoint 
server. 

29  LifeRay  overhauls  open  source 
portal  software. 

30  Scott  Bradner:  Net  as  a 

political  tool,  almost  a  joke. 

Service  Providers 

31  Johna  Till  Johnson:  Why  the 

Internet's  not  a  utility. 

31  VeriSign  embracing  mobile 
services. 


Technology  Update 

35  Patch  proxy  eases  update 
pressure. 

35  Steve  Blass:  Ask  Dr.  Internet. 

38  Mark  Gibbs:  Portable 
multimedia. 

38  Keith  Shaw:  Cool  tools,  gizmos 
and  other  neat  stuff. 

Opinions 

42  On  Technology:  Linux  on 
desktop  warming  up. 

43  Joel  Synder:  When  a  product  is 
better  than  the  company. 

43  Thomas  Nolle:  Will  the  AT&T- 
BellSouth  merger  hurt  IP  TV? 

61  BackSpin:  The  theory  of 
alternate  meetings. 

Management 

Strategies 

55  Hot  IT  jobs:  Managing  your 
most  important  IT  suppliers 
requires  attention  and  dedication. 
Employers  look  for  well-rounded 
tech  talent  with  application 
development  and  infrastructure 
skills,  and  vertical  experience. 


COOL  TOOLS 

The  Flash  Wristband  has  a 
USB  flash  storage  drive  with 
256MB  of  capacity  and  lets 
you  keep  your  files  right  at 
hand. 

Page  38 


Companies  complain  they're  spending 
millions  of  dollars  to  comply  with  the 
Sarbanes-Oxley  Act  —  money  that  could  be 
better  spent  making  their  companies  more 
productive  and  competitive. 


Clear  Choice  Test: 


Ruckus  Wireless  offers 
Ml MO-like  multimedia 
access  point. 
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Cool  Tools  Editor  Keith  Shaw  was 
in  Las  Vegas  last  week  and  blogs 
from  the  show  about  unhappy  cell 
phone  users  and  the  longest  cab 
line  in  history,  among  other 
things  DocFinder:  2935 

ITVideo:  Taking  on  Google  in  the 
enterprise 

Siderean  Software's  Robert 
Petrossian  takes  the  Network 
World  Hot  Seat  to  talk  about  the 
power  of  enterprise  search  and 
why  consumer-oriented  tools  just 


Online  help  and  advice 

Extending  Wi-Fi  range 

Help  desk  guru  Ron  Nutter  helps 
a  reader  improve  his  signal  in  his 
home  wireless  network. 

DocFinder:  2938 

Hosted  accounting  options 

Columnist  James  Gaskin  looks  at 
some  online  options  for 
QuickBooks  and  Peachtree  that 
ease  aggravation. 

DocFinder:  2939 

Is  it  time  for  a  chief  braoch 
architect? 

Analyst  Robin  Gareiss  says  orga- 


Seminars  and  events 

WLANs  &  Eoterprise  Mobility  -  Are  you  ready  to  know  no  limits? 

Today  wireless  technology  not  only  avoids  the  wall  socket,  it's  as  capable 
as  the  wired  LAN,  creating  a  seamless  world  of  integrated,  responsive 
solutions  —  and  opportunities  —  that  form  the  new  architecture  of 
the  truly  agile  enterprise.  Not  ready?  Then  attend  Wireless  LANs  & 
Enterprise  Mobility:  Know  No  Limits,  the  new  Technology  Tour  event  this 
month.  Check  dates  and  how  to  get  in  free  at: 

DocFinder:  2941 

BREAKING  NEWS 

Go  online  for  breaking  news  every  day.  DocFinder  1001 

Free  e-mai  newsletters 

Sign  up  for  any  of  more  than  40  newsletters  on  key  network  topics. 

DocFinder  1002 

What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and  resources 
online.  Simply  enter  the  four-digit  DocFinder  number  in 
the  search  box  on  the  home  page,  and  you’ll  jump  directly 
to  the  requested  information. 


don't  cut  it  DocFinder:  2936 
WS-Sudoku 

Love  Sudoku?  Enjoy  Web  services? 
Executive  Editor  Adam  Gaffin  says 
you  should  check  out  WS-Sudoku, 
a  multiplayer  version  of  Sudoku 
that  relies  on  Web  services. 
DocFinder:  2937 

All-Star  call  for  entries 

Get  recognition  for  your  cool 
network  project.  Enter  our  2006 
Enterprise  All-Star  Award 
competition.  DocFinder:  2436 


nizations  need  someone  creating 
and  coordinating  a  technology 
strategy  for  the  branch  office. 

DocFinder.  2940 

Is  the  Web  Wallet  the  answer  to 
phishing? 

The  Alpha  Doggs  report  from  the 
Massachusetts  Institute  of 
Technology  on  Web  Wallet,  which 
forces  users  to  compare  and  then 
confirm  before  going  to  a  site 
instead  of  just  confirming. 
DocFinder:  2943 
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Keeping  VoIP  safe 

■  With  VoIP  starting  to  live  up  to  some  of  the  hype,  university 
researchers  are  looking  to  ensure  that  the  technology’s  momen¬ 
tum  in  corporate  and  residential  markets  won’t  be  ruined  by 
myriad  security  threats.The  National  Science  Foundation  last 
week  said  it  has  issued  $600,000  to  the  University  of  North  Texas 


TheGoodTheBadTheUgly 


<  Firefox  breaks  barrier.  Advocates  of 

competition  are  smiling  over  the  latest  browser  market  share 
numbers  from  audience  measurement  firm  Net  Applications: 
Firefox,  the  free,  open  source  Web  browser  from  Mozilla.org, 
quietly  gained  enough  users  in  March  to  finally  grab  10%  of 
the  Web  browser  market.  Microsoft's  Internet  Exporer  held 
nearly  85%. 


to  spearhead  development  of  a  multi-university  test  bed  to  study  VoIP  security  Other 
participants  are  Columbia  University  Purdue  University  and  the  University  of 
California-Davis.VoIP  spam,  denials  of  service,  91 1  services  and  QoS  will  be  among 


No  rush  to  RFIDP  Kevin  Ashton,  director  of  the 
MIT  center  that  developed  RFID  and  an  executive  with  a  company  that 
sells  RFID  readers,  warned  attendees  at  a  security  conference  last 
week  that  security  and  other  concerns  might  mean  it  is  decades  before 
the  full  RFID  revolution  unfolds.  "There's  a  lot  of  work  to  be  done,"  he 
said. 


the  areas  targeted  for  research  during  the  three-year  project.The  research  also  will 
look  at  vulnerabilities  that  emerge  from  the  integration  of  VoIP  and  legacy  networks. 
The  group  of  schools  plans  to  disseminate  its  findings  widely  to  technology  devel¬ 
opers,  academia  and  others  involved  in  network  convergence. 


For  sale:  Company  laying  off  5,000  people. 

Hmmm,  maybe  not  the  most  enticing  ad  in  the  world,  but  that's  what 
Computer  Sciences  Corp.  has  to  offer.  The  systems  integration  and  out¬ 
sourcing  services  company,  which  has  80,000  workers  worldwide,  says 
it  has  received  several  buyout  offers  and  has  retained  Goldman  Sachs 
to  advise  on  a  possible  deal. 


Air  space  up  for  sale 

■  ARINC,  a  77-year-old  military  and  aviation  commu¬ 
nications  company  owned  primarily  by  the  nations 
largest  airlines,  is  up  for  sale,  according  to  reports.The 
company  employs  3,000  people  and  had  $890  million 
in  revenue  in  2005.  It  gets  two-thirds  of  its  business 
from  the  U.S.  military  to  which  it  provides  wireless  sys¬ 
tems  that  let  all  branches  communicate  over  multiple 
devices.  ARINC  systems  also  are  the  backbone  for 
some  95%  of  the  U.S.  airline  industry’s  air-to-ground 
communications, and  roughly  70%  of  the  global  air-to- 
ground  market,  the  company  says.  Goldman  Sachs  is 
handling  the  sale,  but  no  buyers  have  come  forward. 
ARINC  was  formed  in  1929  as  a  neutral  party  to  man¬ 
age  the  infant  airline  industry’s  radio  frequencies. 

Nortel  CEO  keeps  talking  tough 

■  Nortel  will  closely  examine  all  its  product  cate¬ 
gories  and  consider  dropping  out  or  seeking  a  part¬ 
nership  or  joint  venture  anywhere  it  doesn’t  hold  or 
forecast  a  20%  market  share  or  better,  President  and 
CEO  Mike  Zafirovski  said  last  week  at  the  CTIA 
Wireless  trade  show  in  Las  Vegas.  Nortel  said  in  a  fil¬ 
ing  to  the  Ontario  Securities  Commission  that  it  will 
restate  revenue  for  some  periods  and  defer  it  to 
future  periods.  In  areas  where  that  doesn’t  look  real- 

COMPENDIUM  m——m 

Viral  batteries 

MIT  researchers  have  genetically  modified 
viruses  to  ingest  and  then  lay  down  thin  lay¬ 
ers  of  cobalt  oxide  and  gold  —  which  could 
then  one  day  be  used  to  help  build  new, 
ultra-dense  batteries  with  more  of  a  charge. 
Read  more  at 
vvvw.nwdocfindercom/2945. 
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“I  used  to  joke  that  every  time 
Andy  would  make  a  faster 
processor,  Bill  would  simply  use 
it  all  up.  It  was  like  an  arms 
race.  But  it  isn’t  really  funny;  it’s 
tragic.  Software  has  gotten  too 
fat  and  unreliable.  Linux  too.” 

Nicholas  Negroponte,  chairman  of  the  One  Laptop  Per  Child  pro¬ 
gram,  speaking  at  LinuxWorld  on  the  struggle  to  come  up  with  a 
simple,  fast  $ 100  laptop  for  children  in  developing  countries. 


istic,  it  will  consider  partnering  with  other  companies 
or  pulling  out.  If  results  don’t  meet  goals  in  a  particu¬ 
lar  geographic  area,  it  may  also  make  changes  on  a 
regional  basis,  he  added.  In  technology  categories 
that  are  just  emerging,  namely  Internet  Protocol 
Multimedia  Subsystems  and  WiMAX  wireless  broad¬ 
band  technology,  Nortel  aims  to  lead  the  market  and 
will  give  itself  three  to  five  years  to  achieve  that  goal, 
he  said.  As  part  of  a  massive  renovation  of  the  com¬ 
pany  he  took  over  late  last  year, Zafirovski  also  is  lead¬ 
ing  big  changes  in  executive  ranks  and  aims  to  make 
services  and  applications  a  much  bigger  part  of  the 
business. 

Berners-Lee  details  Semantic  Web 

■  Web  creator  Tim  Berners-Lee  says  the  next  phase  of 
the  Web,  dubbed  the  Semantic  Web,  could  start  mak¬ 
ing  its  presence  felt  at  companies  in  the  next  couple 
of  years.  He  provided  an  update  on  the  project  last 
week  to  more  than  400  attendees  at  the  MIT 


Information  Technology  Conference.  The  basic  idea 
behind  the  Semantic  Web  is  to  better  enable  sharing 
of  data,  including  what  Berners-Lee  calls  pre-Web 
data,  such  as  that  socked  away  in  spreadsheets  and 
databases.  A  big  part  of  the  effort  is  making  data  bet¬ 
ter  understood  by  computers,  and  the  Semantic  Web 
features  a  collection  of  technologies  designed  to  sup¬ 
port  that  goal.These  include  the  Resource  Description 
Framework,  which  Berners-Lee  says  “is  to  data  what 
HTML  is  to  documents.”  RDF  relies  on  technologies 
such  as  XML,  universal  resource  identifiers  and  less 
familiar  technologies  and  languages  such  as  OWL 
and  SparQL.  Berners-Lee  says  getting  people  to  appre¬ 
ciate  the  goal  of  the  Semantic  Web  remains  challeng¬ 
ing,  just  as  it  was  difficult  to  get  people  to  understand 
the  World  Wide  Web  before  it  existed.  Berners-Lee  is 
an  MIT  researcher  and  director  of  the  World  Wide  Web 
Consortium. 

Govt,  firms  don’t  abide  by  law 

■  According  to  a  Government  Accountability  Office 
study  released  last  week,  government  agencies  that 
use  information  services  firms  for  everything  from  law 
enforcement  to  counterterrorism  data-gathering  do 
not  protect  the  privacy  of  the  citizens’  data  they  use. 
The  GAO  analyzed  the  Justice  Department,  the 
Department  of  Homeland  Security  and  two  other 
agencies  that  use  outside  companies  to  collect  and 
maintain  billions  of  electronic  files  about  Americans. 
These  agencies  often  do  not  limit  the  collection  or 
use  of  information  about  law-abiding  citizens,  as 
required  by  the  Privacy  Act  of  1974,  and  don’t  ensure 
the  accuracy  of  the  information  they  buy, according  to 
the  GAO  report.  That’s  in  part  because  of  a  lack  of 
clear  guidance  from  the  agencies  and  the  Office  of 
Management  and  Budget  on  guidelines  known  as  fair 
information  practices,  the  report  said. 


STABILITY 


If  there's  one  constant  in  business  today,  it's  change. 
But  large  or  small,  internal  or  external,  change 
doesn't  have  to  impede  IT  service  delivery.  Think  of 
change  as  an  opportunity  for  IT  to  satisfy  fluctuating 
demand  while  maintaining  a  stable,  productive  work 
environment.  With  integrated  CA  software  solutions 
for  service  management  and  service  availability,  you 
can  unify  and  simplify  the  way  you  manage  complex 
IT  services  across  the  enterprise.  Anticipate  and 
prioritize  shifting  demand.  Automate  processes  to 
ensure  timely  delivery  and  reliability  of  service.  And 
leverage  industry  best  practices  such  as  ITIL.  It's  all 
possible  with  our  unique  approach  to  managing 
technology  called  Enterprise  IT  Management  (EITM). 
To  learn  more  about  how  CA  solutions  can  stabilize 
change  to  create  a  true  service-driven  IT 
environment,  visit  ca.com/deliver. 
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Users  at  LinuxWorld  talk  up  security 


“Open  source  doesn’t 
really  increase  our  security 
risk.  55 

Bob  Gatewood,  CTO,  Athena-Health 


BY  PHIL  HOCHMUTH 

BOSTON  —  In  conference  ses¬ 
sions  and  hallway  discussions  at 
LinuxWorld  Expo  last  week, open 
source  users  swapped  strategies 
for  hardening  Linux  servers  and 
building  open  source  applica¬ 
tions  that  can  repel  hackers, 
stand  up  to  regulators  and  sur¬ 
vive  the  scrutiny  of  intellectual- 
property  lawyers. 

One  company  betting  the  serv¬ 
er  farm  on  open  source  is 
AthenaHealth,  a  company  in 
Watertown,  Mass.,  that  processes 
insurance  claims  and  manages 
information  for  small  medical 
practices  and  large  hospitals.  The 
company  has  built  a  large 
extranet  application  based  on 
Linux  servers  running  Oracle, 
Apache  Web  Server  and  a  modi¬ 
fied  version  of  the  open  source 
SugarCRM  application. 

“Open  source  doesn’t  really 
increase  our  security  risk;  our  risk 
is  quite  large  for  plenty  of  other 
reasons,”  said  AthenaHealth  CTO 
Bob  Gatewood,  whose  company 
stores  15  million  medical  records, 
as  well  as  Social  Security  and 
credit  card  numbers  for  the 
patient  data  it  manages. 

Gatewood  delivered  a  keynote 


speech  at  the  conference,  which 
drew  about  8,000  attendees  and 
150  exhibitors. 

“It  doesn’t  make  a  difference  if 
your  infrastructure  is  open 
source  or  not,”  Gatewood  said. 
“The  security  issues  with  propri¬ 
etary  software  are  pretty  well 
publicized,  but  I  don’t  think  in 
general  there  are  any  fewer  secu¬ 
rity  holes  in  open  source  stuff. . . . 
Keeping  the  network  secure 
comes  down  to  our  testing 
process.” 

When  developers  want  to  use  a 
new  open  source  module,  the 
software  is  deployed  in  a  test  net¬ 
work  where  its  behavior  is  stud¬ 
ied,  and  it  is  put  though  security 
and  quality-assurance  testing. 
This  process  is  in  place  to  handle 
any  open  source  legal  and  tech¬ 
nical  risks. 

“This  triggers  a  process  where 
we  take  a  look  at  the  license  and 
give  it  to  our  lawyers,  and  our 
release  engineers  take  a  look  at 
the  code  to  determine  if  it’s  safe,” 
he  said. 

About  the  intellectual-property 
aspects  of  open  source,  Gate- 
wood  said,  “we  have  to  look  at 
what  [open  source]  we’re  using. 
Our  lawyers  are  very  much  inter¬ 


ested  in  keeping  track  of  what 
modules  and  licenses  we  use, 
whether  it’s  [General  Public 
License]  or  something  else.”  Be¬ 
cause  AthenaHealth  does  not 
make  major  modifications  to  the 
open  source  software  it  uses, 
issues  of  violating  open  source 
licenses  by  tinkering  with  code 
are  not  much  of  a  factor. 

Predeployment  technical  test¬ 
ing  of  open  source  code  is  also 
an  important  process  for  Midwest 
Tool  &  Die  in  Fort  Wayne,  Ind.  It 
uses  Linux  servers,  Apache  and 
SugarCRM  to  run  its  manufactur¬ 
ing  and  e-commerce  systems. 

“We  test-bed  everything,”  said 
Craig  Swanson,  vice  president  of 
systems  for  the  manufacturer.  “I 
can  duplicate  my  network  now 
very  easily  with  virtual 
machines,”  in  order  to  set  up  a 


full  replica  of  the  network  for 
tests.  “We  have  an  open-door  pol¬ 
icy  on  installing  anything  you 
want  in  the  test  environment.  But 
we’re  rigid  on  documentation, 
and  we’re  rigid  on  testing  and 
verifying  what  packages  we  can 
install  on  the  final  system.” 

The  company  uses  Fedora 
servers,  the  free,  open  source  ver¬ 
sion  of  Red  Hat  Linux,  to  run  its 
production  environment  and 
Web  presence.  As  a  precaution, 
Swanson  uses  the  open  source 
Mondo  Archive  tool  to  take  snap¬ 
shots  of  its  production  server 
images,  and  keeps  backup  con¬ 
figurations  that  can  be  brought 
online  quickly  in  case  of  failures 
or  system  problems. 

Swanson  also  uses  Security 
Enhanced  Linux  (SE  Linux), a  set 
of  Linux  policies  and  access- 


Microsoft  patch  causes  users  pain 


BY  JOHN  FONTANA 
AND  ELLEN  MESSMER 

Companies  using  Microsoft’s 
ActiveX  technology  within  their 
Web  applications  will  have  to 
install  a  patch  this  week  to  avoid 
the  possibility  that  changes  in 
Internet  Explorer  could  affect 
those  applications  adversely 

The  issue  is  similar  to  one  users 
and  independent  software  ven¬ 
dors  faced  with  Windows  XP  SP2, 
which  included  security  changes 
that  broke  some  applications.  The 
potential  effects  of  the  ActiveX 
changes  being  made  in  an 
Internet  Explorer  security  patch 
slated  to  ship  April  11  are  less 
severe,  in  that  they  can  change  the 
way  some  Web-based  intranet  and 
Internet  applications  function  but 
will  not  shut  them  down  com¬ 
pletely 

Microsoft  is  taking  the  unusual 
step  of  offering  a  compatibility 
patch  to  the  April  1 1  patch  that  is 


Patching  Internet  Explorer 

Microsoft  this  week  is  issuing  a  temporary  compatibility  patch 
so  corporate  users  can  block  changes  being  made  in  the  way 
Internet  Explorer  handles  ActiveX  controls,  which  could  affect 
Web-based  applications  negatively. The  temporary  patch  gives 
users  time  to  test  their  applications.  Here  are  Microsoft’s 
recommendations: 

Enterprise  users: 

•  Test  applications  against  the  ActiveX  changes,  which  were  released  Feb.  28. 

•  Deploy  the  Internet  Explorer  security  update  when  it  ships  April  11. 

•  Deploy  the  compatibility  patch,  which  blocks  the  ActiveX  changes,  as  part  of  the 
April  11  update,  to  ensure  that  applications  still  function  as  usual. 

•  Finish  testing  applications  before  June  13,  the  day  the  compatibility  patch  will 
expire. 

Independent  software  vendors 

•  Test  applications  against  the  ActiveX  changes. 

•  If  problems  occur,  contact  Microsoft. 

•  Release  new  code  before  the  June  13  expiration  of  the  compatibility  patch. 

Users 

•  Upgrade  Internet  Explorer  6.0  using  Windows  Update  or  Microsoft  Update. 


designed  to  reverse  the  ActiveX 
changes  for  two  months  to  give 
users  more  time  to  test  their  appli¬ 
cations. 

If  users  don’t  change  their  appli¬ 
cation  code,  patched  versions  of 
Internet  Explorer  will  still  load 
ActiveX  controls  within  those 
applications,  but  users  will  have  to 
click  on  them  before  they  are  acti¬ 
vated  instead  of  them  automati¬ 
cally  being  live. 

Some  users  are  not  pleased 
about  the  work  involved  in  mak¬ 
ing  changes. 

Doug  Sweetman,  senior  technol¬ 
ogy  officer  at  Boston-based  finan¬ 
cial  services  firm  State  Street,  says 
he  considers  the  changes,  brought 
about  by  Microsoft’s  involvement 
in  a  patent-infringement  case,  to 
be  time-consuming  and  disruptive 
for  his  company. 

State  Street  uses  ActiveX  in  some 
of  its  intranet  and  Internet-facing 
See  Microsoft  page  10 


control  code  that  limits  the  abili¬ 
ty  of  hackers  to  gain  access  to  a 
server  by  exploiting  weaknesses 
in  the  software  running  on  top  of 
the  operating  system. 

“SE  Linux  has  been  terrific,” 
Swanson  said.  In  addition  to  vet¬ 
ting  code  before  deployment,  SE 
Linux  provides  another  level  of 
assurance  that  the  code  won’t  be 
exploited.  “We  deny  everything 
and  allow  just  what  we  want” into 
and  out  of  the  servers  via  SE 
Linux  policies,  he  said. 

Dominion  Diagnostics,  a  Rhode 
Island  company  that  provides 
online  medical  lab  services,  also 
uses  SE  Linux  to  secure  its  Web 
applications  and  data  —  which, 
like  AthenaHealth,  are  scruti¬ 
nized  under  such  regulations  as 
the  Health  Insurance  Portability 
and  Accountability  Act. 

“With  SE  Linux,  if  someone 
breaks  and  hacks  the  applica¬ 
tions,  fine,”  said  Joseph  Morin,  net¬ 
work  operations  manager  for 
Dominion  Diagnostics.  “But 
they’re  not  getting  anywhere; 
they  can’t  execute  anything  I 
don’t  want  them  to,”  because  of 
the  limitations  SE  Linux  puts  on 
how  applications  can  use  system 
memory,  processors  and  configu¬ 
ration  files. 

All  of  Dominion’s  Web-facing 
servers  —  which  run  Red  Hat 
Linux  —  have  SE  Linux  turned 
on,  Morin  said.  While  it  is  a  useful 
tool,  he  added,  configuration  and 
management  of  policies  is  com¬ 
plex  and  arcane  —  SE  Linux 
technology  was  developed  by 
the  National'  Security  Agency, 
after  all.  “It’s  complicated  and 
very  technical”  to  edit  policies  for 
how  software  runs  under  SE 
Linux,  Morin  says.  But  with  secu¬ 
rity  threats  around  Linux  rising, 
Morin  said  it’s  standard  practice 
to  use  SE  Linux,  as  well  as  other 
open  source  security  enhance¬ 
ment  tools  such  as  Tripwire  and 
Swatch,  which  create  alerts  when 
Linux  servers  are  misused. 

“Windows  and  Linux  both  have 
different  problems,”  in  terms  of 
security,  Morin  said.  “As  Linux  is 
more  widespread,  people  are  def¬ 
initely  targeting  that.”B 
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Seilular,  Wi-Fi  convergence  on  display 

CTIA,  Wi-Fi  Alliance  joining  forces  to  certify  products. 


BY  JOHN  COX 

Announcements  at  last  weeks 
CTIA  Wireless  show  reveal  the  out¬ 
lines  of  emerging  hybrid  wireless 
networks,  which  will  let  mobile 
devices  use  an  array  of  wireless 
technologies  to  stay  connected 
with  carrier-  and  enterprise-based 
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applications. 

The  annual  show  attracted  an 
estimated  20,000  attendees  to  see 
the  latest  and  greatest  in  wireless 
communications  technologies, 
products  and  services. 

New  smart-phones  are  hitting 
the  market  with  wireless  LAN 
(WLAN)  and  cellular  radios,  and 
in  some  cases,  a  Bluetooth  radio. 
More  importantly  new  wireless- 
network  infrastructure  products 
offer  this  same  radio  pairing  and 
include  IP  Multimedia  Subsystem 
(IMS)  software  to  switch  users 
between  networks.  New  carrier 
services  are  recognizing  how  crit¬ 
ical  these  devices  and  their  enter¬ 
prise  data  are,  by  letting  users  eas¬ 
ily  back  up  contacts,  calendars, 
and  other  personal  and  even 
application  data. 

Samsung  unveiled  the  T709 
handset,  a  GSM  smart-phone  that 


also  includes  support  for  Wi-Fi. 
The  phone  allows  calls  to  be 
switched  between  Wi-Fi  and  cellu¬ 
lar  networks  while  they  are  in 
progress. 

A  test  for  convergence 

The  Wi-Fi  Alliance  and  CTIA 
announced  they  are  drafting  a 
program  to  certify  interoperability 
of  these  new  mobile  phones,  as 
the  alliance  does  today  for  Wi-Fi 
products  and  CTIA  does  for  tradi¬ 
tional  cell  phones.The  initial  tests 
will  focus  on  radio  frequency  per¬ 
formance  attributes  such  as  trans¬ 
mit  output  power  and  receive  sen¬ 
sitivity  Carriers  will  be  able  to  see 
a  standard  set  of  metrics  for 
assessing  client  devices  for  their 
networks,  said  Frank  Hanzlik, 
managing  director  of  the  alliance. 
More  details  will  be  released  in  a 
few  months,  he  said. 


Microsoft 

continued  from  page  8 

facing  applications.  “We  have  to  test  [the  patch] 
first  to  make  sure  it  doesn’t  break  our  applica¬ 
tions,”  he  says. 

Microsoft  officials  say  the  time  and  difficulty 
required  by  Web  developers  to  change  applications 
is  “scaled  based  on  the  number  of  pages  and  con¬ 
trols  affected.” 

Some  users  have  already  done  testing  and  are 
working  to  fix  applications. 

“A  lot  of  our  internal  applications  rely  on  ActiveX 
controls,  and  the  vendor  has  not  updated  those 
yet,”  says  Jay  Leal,  vice  president  of  technology  for 
the  Inter  National  [stet  -  two  words]  Bank  in 
McAllen,  Texas.  He  doesn’t  characterize  the 
changes  as  a  major  application  rework,  but  says 
developers  do  have  to  tweak  the  way  ActiveX  con¬ 
trols  are  loaded. 

Some  widely  deployed  programs  that  use  ActiveX 
controls  within  the  browser  include  Adobe’s 
Reader  and  Flash,  Apple’s  QuickTime  Player, 
Microsoft’s  Windows  Media  Player,  RealNetworks’ 
RealPlayer  and  Sun’s  Java  Virtual  Machine. 

Leal,  who  cites  recent  patent  cases  against 
Research  in  Motion  and  eBaysays  he  believes  more 
of  this  type  of  litigation  is  coming  and  will  possibly 
be  disruptive  to  corporate  users. 

“For  the  most  part,  Microsoft  has  helped  people 
along,  let  them  know  what  is  going  on,  and  they  are 
providing  a  fix  for  this,”  he  says. 

But  others  say  the  issue  attests 
to  what  they  have  believed  all 
along  about  the  dangers  of  using 
ActiveX,  which  is  similar  to  Java 
Applets  but  provides  little  securi¬ 
ty  and  only  operates  within 


Internet  Explorer. 

“This  is  giving  us  more  fodder  not  to  have 
[Internet  Explorer]  on  our  desktops,”  says  Keith 
Mann,  network  engineer  for  Harrison  School 
District  2  in  Colorado  Springs,  Colo.  “We  have  made 
major  application  decisions  where  vendors  who 
couldn’t  guarantee  us  support  outside  of  [Internet 
Explorer], we  just  didn’t  deal  with  them.” 

Microsoft’s  alterations  to  the  way  ActiveX  controls 
are  loaded  in  Internet  Explorer  are  in  response  to 
an  ongoing  patent  infringement  case  brought  by 
Eolas  Technologies  and  the  University  of  California. 
A  jury  awarded  the  pair  $521  million  in  damages  in 
August  2003.  In  2005,  a  U.S.  Court  of  Appeals  over¬ 
turned  the  verdict,  and  a  new  trial  date  in  district 
court  is  expected  to  be  set  for  this  year. 

In  the  interim,  Microsoft  is  making  changes  that 
will  require  ActiveX  controls  be  loaded  via  scripts 
instead  of  embedded  in  HTML  code. 

Microsoft  is  mum  on  why  it  is  making  the 
changes,  citing  the  ongoing  legal  dispute,  but  it  has 
been  vocal  in  recommending  that  users  test  their 
applications  before  the  ActiveX  patch  ships  April 
1 1 .  It  is  a  required  upgrade  for  Internet  Explorer  6.0 
running  on  Windows  XP  SP2,  Windows  Server  2000 
SP1  and  Windows  Server  2003  R2. 

The  compatibility  patch  is  effective  until  June  13. 
“We  do  not  expect  major  incompatibility  issues,”  a 
Microsoft  spokeswoman  says.  “Microsoft  is  releas¬ 
ing  the  compatibility  patch  because  some  enter¬ 
prise  customers  have  given  feedback  that  more 
time  is  needed  to  ensure  corporate  line-of-business 
applications  are  compatible  with 
the  ActiveX  changes.” 

Microsoft  says  the  ActiveX 
changes  are  applicable  only  to 
Internet  Explorer  and  not  other 
applications  that  host  ActiveX 
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But  vendors  of  all  kinds  are 
moving  toward  hybrid  networks. 

Boingo  Wireless  and  Kineto 
Wireless  said  they’re  introducing 
client  software  that  will  let  dual¬ 
mode  Windows  Mobile  5.0  hand¬ 
sets  link  with  a  Kineto  server 
implementing  the  Unlicensed 
Mobile  Access  (UMA)  specifica¬ 
tion.  UMA  lets  a  handset  sub¬ 
scriber  connect  over  a  wireless  IP 
connection,  such  as  one  of 
Boingo’s  network  of  30,000  Wi-Fi 
hot  spots,  to  access  IP-based 
voice,  data  and  IMS  services 
offered  by  wireless  carriers  and 
operators. 

IMS  bridging  the  gap 

Nortel  has  expanded  its  IMS 
portfolio  with  the  Wireless 
Mobility  Gateway  6000,  which 
supports  the  IMS  Voice  Call 
Continuity  (VCC)  standards.  The 
gateway  lets  service  providers 
bridge  between  3G  cellular  net¬ 
works  and  WLAN  hot  spots  and 
meshes.  The  gateway  supports 
features  such  as  caller  ID,  call 
waiting  and  call  hold,  call  screen¬ 
ing  and  routing,  Short  Message 
Service,  and  instant  messaging. 

A  similar  approach  was  demon¬ 
strated  by  PCTel  and  BridgePort 
Networks.They  showed  how  their 
IMS  software  could  transfer  a 
voice  call  from  a  Windows-based 
handset  between  GSM  and  Wi-Fi 
networks  without  dropping  the 
connection.  PCTel’s  Roaming  Cli- 
ent-VE  (voice-enabled)  applica¬ 
tion  worked  with  Bridgeport’s  No- 
madicOne  IMS  Convergence 
Server.  Both  products  support  the 
VCC  standards. 

IMS-based  services  in  mobile 
networks  are  designed  to  act  as 
an  application  overlay  spanning 
cellular  and  Wi-Fi  networks. 
Mobile  workers  will  have  more 
connectivity  options  over  broader 
areas,  and  work  on  lower-cost 
WLAN  connections  when  those 
are  available. 

An  example  of  carrier-based 
data-management  services  is 
VeriSign’s  new  cell  phone  backup 
service.  Backup  Plus  is  a  hosted 
self-service  capability  that  lets  cel¬ 
lular  subscribers  back  up  and 
restore  personal  data  on  mobile 
phones. 

Initially  the  service  will  store 
data  in  a  phone’s  address  book. 


Later  in  2006, VeriSign  plans  to  add 
calendar  data,  pictures,  video  and 
audio  content.  In  May  Cincinnati 
Bell  is  slated  to  be  the  first  carrier 
to  launch  the  service. 

Other  infrastructure  news  in¬ 
cluded: 

•  Sprint  Nextel  announced  a 
battery  of  new  Evolution  Data 
Optimized  (EV-DO)  wireless 
cards,  routers  and  USB  cards,  and 
support  for  enterprise  applica¬ 
tions  on  its  national  EV-DO  net¬ 
work.  The  products  will  give  sub¬ 
scribers  more  options,  including 
new  laptop  cards  from  Novatel 
Wireless  and  Sierra  Wireless,  for 
connecting  to  the  high-speed  cell 
network.  The  carrier  says  it  is  ex¬ 
panding  the  network  and  upgrad¬ 
ing  it  to  support  slightly  increased 
download  speeds  but  uplinks  that 
increase  to  an  average  of  300K  to 
400Kbps  from  70K  to  144Kbps. 

•  Cingular  Wireless  said  it  is 
working  with  HP  to  integrate  its 
Universal  Mobile  Telecommuni¬ 
cations  System(UMTS)/High 
Speed  Downlink  Packet  Access 
(HSDPA)  wireless  data  service 
into  HP  laptop  computers  due 
out  later  this  year.  Many  GSM 
providers  are  migrating  to  the 
UMTS/HSDPA  3G  specification. 

•  BelAir  Networks  unveiled  two 
outdoor  wireless  mesh  nodes.The 
BelAir300  has  six  slots  available 
for  any  combination  of  radios, 
now  including  cellular  base  sta- 
tions.The  node  can  be  configured 
with  different  radios  for  client 
access  and  for'the  backhaul  mesh 
links.The  new  BeLAirlOOC  is  a  two- 
radio  node,  and  is  designed  as  a 
midrange  offering  for  moderately 
loaded  networks.  It  uses  a  2.4-GHz 
radio  for  client  access  and  a 
5-GHz  radio  for  backhaul.  Pricing 
varies  with  the  configuration. 

Senior  Editor  Denise  Fhppalardo 
contributed  to  this  story.  Additional 
reporting  by  IDG  News  Service. 
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Sterling  Commerce  leads  the  world  in  helping 
businesses  collaborate  with  their  partners. 


Of  course,  we've  had  a  30  year  head  start. 


For  over  30  years,  Sterling  Commerce  has  led  the  industry  in  helping  successful  organizations  work  more 
effectively  with  suppliers,  subsidiaries  and  customers.  Now,  with  the  first  platform  to  meet  all  the  challenges 
of  real-world  multi-enterprise  collaboration,  Sterling  Commerce  can  help  you  achieve  end-to-end  visibility, 
and  real-time  control  over  shared  business  processes.  So  you  can  make  faster,  better-informed  decisions  to 
help  cut  costs  and  accelerate  time  to  market.  In  fact,  a  majority  of  the  world's  leading  companies  already 
depend  on  us.  That's  a  tough  act  to  follow.  Contact  us  today.  Or  visit  us  at  www.sterlingcommerce.com 
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Hit  the  WAN  accelerator 

A  new  Application  Control  Engine  (ACE)  blade  for  Cisco 
Catalyst  6500  switches  sits  in  front  of  servers  and  databases 
to  speed  interaction  times  with  remote  users.  It  lets  different 
rules  be  applied  to  different  servers  or  server  groups. 


Remote  users 


Partitioning  allows  separate  session  rules 
for  separate  Web  resources. 


Web  apps  server 


(rmnmuvL$ 


WAN 


Redundant 
Catalyst 
6500s  with 
ACE  blades 


Database 

Partitions  can  be  backed  up 
on  separate  blades  located  in 
separate  switch  chassis. 

Role-based  access  management  in  the 

ACE  blade  lets  users  divvy  up  resources 
and  workloads. 

WAN 

continued  from  page  1 

the  company  says.  The  blade  will 
reside  in  a  switch  deployed  be¬ 
tween  a  server  and  the  WAN  to 
improve  traffic  flow.  It  can  be  seg¬ 
mented  logically  via  virtual  parti¬ 
tioning  support;  one  blade  can  be 
divided  into  250  partitions,  Cisco 
says  (see  graphic). 

Cisco  also  is  announcing  up¬ 
grades  to  its  Application  Velocity 
System  (AVS)  device,  which  pro¬ 
vides  application-layer  security 
for  server  farms. 

In  concert  with  an  ACE  blade, 
AVS  6.0  inspects  application 
traffic,  enforces  policies  and  col¬ 
lects  logs  for  security  forensics 
analysis.  Cisco  says  the  ACE 
module  has  slots  for  daughter 


cards  that  eventually  will  sup¬ 
port  AVS  software. 

Industry  watchers  say  while 
Cisco  is  providing  a  solid  product 
in  ACE,  it  may  have  waited  too 
long  to  wade  back  into  the  appli¬ 
cation-acceleration  market,  which 
in  2005  represented  about  $1.2 
billion  in  revenue  for  vendors 
worldwide,  according  to  Gartner. 

Earlier  in  the  decade,  Cisco  had 
dominated  the  technology  area, 
ahead  of  competitors  such  as 
Citrix/NetScaler,  F5  Networks  and 
Foundry  Networks,  but  it  appar¬ 
ently  lost  interest  with  the  then- 
$300  million  market,  according  to 
Joel  Conover,  a  principal  analyst 
with  Current  Analysis.  Other  ven¬ 
dors  such  as  Radware  and  Juniper, 
with  its  Redline  Networks  acquisi¬ 
tion,  also  could  provide  competi¬ 


tion  for  Ciscos  ACE  product. 

Using  technology  in  its  content¬ 
switching  module  (CSM)  and 
adding  the  AVS  technology 
acquired  with  FineGround,  Cisco 
is  attempting  to  win  back  some 
customers.  ACE  does  not  replace 
the  CSM  module,  though  Cisco 
says  it  put  many  CSM  features, 
such  as  content-switching  and 
server  load-balancing,  into  ACE. 
Cisco  proposes  customers  run 
the  two  modules  side  by  side 
until  it  adds  more  CSM  features  to 
the  ACE. 

“If  you’re  a  Cisco  customer, 
you’d  have  to  seriously  consider 
this  product,  as  Cisco  is  investing 
in  this  area  with  vigor,  but  if  you 
want  absolute  best  of  breed  on  a 
feature-to-feature  basis  today  you 
might  decide  to  go  with  a  com¬ 
petitor”  Conover  says. 

Some  customers  say  they  will  at 
least  evaluate  the  product,  but 
they  do  require  Cisco  to  provide 
better  management  capabilities. 
“The  consolidated  functions  are 
nice,  in  that  we  can  reduce  our 
variety  of  inventory  by  using  the 
same  chassis,  power  supplies  and 
sometimes  environmental  con¬ 
trols  into  one  box,”  says  Brian 
Jones,  network  engineering  and 
operations  manager  at  Virginia 
Polytechnic  Institute  and  State 
University  in  Blacksburg,  who 
uses  CSM  modules  in  his  6509 
switches  to  provide  load-balanc¬ 
ing  services  across  the  campus. 

He  says  he  is  looking  into  ACE 
and  considering  the  advantages 
of  a  consolidated  platform.  “We 
are  hoping  the  new  load-balanc¬ 
ing  functions  of  this  product  will 
be  more  redundant.  We  would 
like  to  be  able  to  change  portions 
of  a  configuration  without  com¬ 
pletely  taking  the  service  offline.” 

On  the  downside,  Jones  says, 
“there  are  some  disadvantages 
when  it  comes  to  network  man¬ 
agement.  Many  modules  such  as 
the  CSM  are  difficult  to  manage 
with  fault-management  and 
capacity-planning  tools.” 

Mike  Tardif  is  a  Catalyst  6500 
customer  who  is  evaluating  ACE. 
Tardif,  vice  president  and  general 
manager  of  global  hosting  ser¬ 
vices  at  managed  outsourced  IT 
services  provider  Sawis  Commu¬ 
nications,  says  the  ACE  module’s 
performance  and  management 
capabilities  are  making  him  con¬ 
sider  replacing  his  proprietary  sys¬ 
tems  with  it.  “The  performance 
and  ease  of  management  are 
very  key  to  us.  The  folks  that 
monitor  and  manage  the  exist¬ 


ing  6500  could  manage  this  as 
well,”  he  says. 

ACE  ships  this  week  and  comes 
in  three  flavors:  4Gbps  through¬ 
put,  priced  at  $40,000;  8Gbps, 
priced  at  $60,000;  and  16Gbps, 
priced  at  $100,000. 

Meanwhile,  Juniper  plans  to  an¬ 
nounce  an  upgrade  to  software 
for  its  WX  WAN-acceleration  de¬ 
vices,  which  improve  wide-area 
application  performance  and 
cram  more  traffic  onto  fixed-size 
WAN  links. 

Unlike  Cisco’s  ACE  blades,  WX 
devices  sit  at  both  ends  of  a  WAN 
link,  rather  than  in  front  of  a  data 
center,  and  use  a  variety  of  meth¬ 
ods  to  compress,  optimize  and 
prioritize  traffic.  By  transferring 
data  more  efficiently,  the  devices 
reduce  congestion;  by  optimiz¬ 
ing  application  transactions  at 
the  same  time,  they  improve 
response  times. 

The  new  software  will  let  carri¬ 
ers  more  easily  take  over  manag¬ 
ing  these  devices  for  large  num¬ 
bers  of  customers  and  provide 
tools  for  provisioning  them  re¬ 
motely.  Juniper  says,  in  much  the 
same  way  providers  control  and 
provision  routers  in  managed 
router  services. 

For  example,  SITA,  the  IT  pro¬ 
vider  to  air  transport  businesses 
in  Geneva,  uses  Juniper  WAN- 
acceleration  gear  as  part  of  a 
managed  service  that  saves  its 
customers  money  by  reducing 
their  need  for  higher-bandwidth 
links. 


It  does  so  without  benefit  of  the 
carrier-grade  management  soft¬ 
ware,  however.  Juniper  says  it 
hopes  the  new  software  will  en¬ 
courage  other  providers  to  offer 
this  type  of  service,  which  would 
eliminate  the  need  for  customers 
to  buy  their  own  devices,  but 
would  boost  their  monthly  ser¬ 
vice  provider  bills. 

The  ROI  of  WAN-acceleration 
devices  is  so  good  that  businesses 
large  enough  to  afford  them  likely 
wouldn’t  want  to  pay  a  recurring 
fee  for  such  a  service,  says  Roger 
Leuchtefeld,  senior  network  engi¬ 
neer  for  Ameren  Services  in  St. 
Louis,  which  uses  Juniper  WAN 
acceleration. 

“Once  they’re  up  and  running, 
you  let  them  cook  and  do  their 
thing.  They  don’t  take  a  lot  of 
attention,”  he  says.  Businesses 
strapped  for  cash  and  staff  would 
be  more  interested,  he  says. 

“A  smaller  company  with  a 
smaller  IT  staff  that  didn’t  want  to 
purchase  it  might  want  to  pay  an 
additional  fee  on  top  of  their  WAN 
costs  for  the  service,”  he  says. 

Juniper’s  competition  in  WAN 
acceleration  includes  F5,  Orbital 
Data  and  Riverbed.  Riverbed  says 
it  has  10  service-provider  cus¬ 
tomers  using  its  gear  to  support 
managed  services,  but  does  not 
have  clearance  to  name  them.B 
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Cisco  pulling  plug  on 
three  router  lines 

BY  PHIL  HOCHMUTH 

Cisco’s  end-of-life  announcement  for  its  1700,2600  and  3700  series  of 
router  platforms  isn’t  catching  users  by  surprise. 

Cisco  recently  said  it  will  stop  selling  these  platforms  in  March  2007. 
Among  them,  the  2600  is  one  of  Cisco’s  most  widely  deployed  products, 
with  more  than  2  million  units  shipped.Technical  support  will  continue 
for  the  devices  until  2012.  With  plenty  of  time,  users  say  they’ve  already 
started  to  upgrade,  but  such  moves  will  be  gradual. 

The  bell  began  tolling  for  the  1700,2600  and  3700  series  two  years  ago, 
when  Cisco  released  its  Integrated  Services  Router  (ISR)  line  —  includ¬ 
ing  the  1800,2800  and  3800  series.  Large  Cisco  shops  that  rely  on  hun¬ 
dreds  of  2600s  as  the  base  of  their  WAN  infrastructure  have  been  prepar¬ 
ing  slowly  for  the  changeover. 

“We’re  in  the  process  of  swapping  out  our  2600s  right  nowfsays  Dick 
Emford,  lead  network  analyst  for  plastics  manufacturer  Newell  Rubber¬ 
maid  of  Freeport,  Ill.The  company  which  has  more  than  250  Cisco  2600s 
installed,  has  migrated  around  30%  of  its  WAN  to  the  ISR  2800,  with 
2600s  making  up  the  other  70%. 

“We  saw  this  coming  a  long  time  ago,  and  we’ve  gradually  been  swap¬ 
ping  them  out,”  Emford  says  of  the  2600s.  He  says  the  ISRs  provide  bet¬ 
ter  performance  and  more  features  and  cost  roughly  the  same.“Under 
the  covers,  the  ISRs  have  more  memory  and  lots  of  built-in  features  for 
security  and  VoIP;  it’s  just  a  better  box.” 

To  ease  migration,  Newell  Rubbermaid  prestages  all  the  ISR  2800s  it 
deploys  with  IOS  configurations  similar  to  the  retiring  2600s’,  and  tests 
the  newer  boxes  for  backwards  compatibility  with  protocols  and  ser¬ 
vices  running  on  the  older  routers. 

“It’s  not  really  an  issue  for  us,”  he  says  of  the  swap-out. 

The  2600-to-2800  series  migration  also  is  happening  slowly  at  Kodak 
in  Rochester,  N.Y,  which  uses  more  than  50  of  the  2600  series  routers 
across  its  worldwide  Frame  Relay  and  IP  VPN  networks. 

“We  don’t  have  a  regularly  scheduled  upgrade  or  refresh  cycle  for  our 
routers,”  says  John  Parsons,  project  manager  for  Kodak  Global  Tele¬ 
communications,  Worldwide  Information  Systems.“A  lot  of  our  routers 
come  from  the  service  providers,  who  give  them  to  us  as  part  of  a  man¬ 
aged  service,  so  we  rely  on  them  to  make  a  lot  of  those  changes.” 

With  IT  budgets  tightening,  getting  funding  for  a  wide-scale  upgrade 
is  hard  anyway,  he  adds.“We’re  taking  [older  Cisco  routers]  out  grad- 

See  2600,  page  16 


Chaos,  now  under 
your  control. 


with  ProLiant  Essentials  Management  Software 

•  Up  to  2  Dual-Core  AMD  Opteron™  200  Series  processors 

•  High  density:  Up  to  96  servers  per  rack 

•  Flexible/Open:  Integrates  with  existing  infrastructure 

•  HP  Systems  Insight  Manager™:  Web-based  networked 
management  through  a  single  console 


HP  PROLIANT  BL35p  BLADE  SERVER 


Rapid  Deployment  Pack:  For  ease  of  deployment  and 
ongoing  provisioning  and  reprovisioning 


HP  BladeSystem  servers  offer  tools  to  help  you  keep  pace  with  fluctuating  demands.  The  HP 


•  Integrated  Cisco  or  Nortel  switch  options 

Save  up  to  $1,200  instantly  on  the  purchase  of  the 
HP  ProUant  BL35p  Blade  Server 


ProLiant  BL35p  Blade  Server  is  designed  to  relieve  some  of  the  stress.  Its  AMD  Opteron™ 
processors  offer  dual-processor  power  with  breakthrough  efficiency.  With  management 


features  like  the  Rapid  Deployment  Pack  that  lets  you  deploy  and  redeploy  blades  without 
missing  a  beat,  and  a  single-view,  graphical  user  interface  that  streamlines  monitoring 
and  configuration,  HP  BladeSystem  servers  work  with  you  so  you  don't  have  to  work  so 


HP  STORAGEWORKS  MSA1500cs 


with  StorageWorks  Essentials  Management  Software 

•  Up  to  24TB  of  capacity  (96  250GB  SATA  drives) 

•  Up  to  16TB  of  capacity  (56  300GB  SCSI  drives) 

•  Ability  to  mix  SCSI  and  Serial  ATA  enclosures  for 
greater  flexibility 

•  2GB/1GB  Fibre  connections  to  host 

Get  2TB  of  storage  free  ($2,008.80  value) 


hard.  And,  bundled  with  the  StorageWorks  MSA1500cs,  you  can  reduce  the  cost  and 
complexity  of  deploying  a  storage  area  network  giving  you  a  better  return  on  investment. 

Save  up  to  $1,200  instantly  on  the  purchase  of  the  HP  ProLiant  BL35p  Blade  Server.’ 
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AMD 


Opteron 


Call  1-888-223-5441 
Click  hp.com/go/bladesmag49 
Visit  your  local  reseller 


1 .  Save  up  to  $1,200  instantly  on  the  purchase  of  the  HP  ProLiant  BL35p  Blade  Server.  Offer  valid  through  4/30/06. 2.  Receive  up  to  2TB  of  storage  free  with  purchase  of  HP  StorageWorks  Modular  Smart  Array  1500cs  devices.  Offer  valid  through  4/30/06.  All  offers  available 
from  HP  Direct  and  participating  resellers.  Prices  shown  are  HP  Direct  prices,  are  subject  to  change  and  do  not  include  applicable  state  and  local  sales  tax  or  shipping  to  recipient's  destination  Reseller  prices  may  vary.  See  Web  site  for  full  details  Photography  may  not 
accurately  represent  exact  configurations  priced.  Associated  values  represent  HP  published  list  price.  AMD,  the  AMD  Arrow  Logo,  AMD  Opteron  and  combinations  thereof  are  trademarks  of  Advanced  Micro  Devices,  Inc.  ©2006  Hewlett-Packard  Development  Company,  L.P. 
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Carrier  consolidation  pushed  Lucent 


BY  JIM  DUFFY 

It  was  only  a  matter  of  time  be¬ 
fore  consolidation  among  the  big 
telecom  equipment  vendors  took 
hold. 

The  April  2  merger  agreement 
between  Lucent  and  Alcatel 
shows  how  suppliers,  seeing  their 
carrier  customers  combine  to 
gain  breadth  and  scale,  feel  com¬ 
pelled  to  follow  suit. 

Nick  Maynard,  a  senior  analyst 
at  The  Yankee  Group,  calls  the  pro¬ 
posed  merger  “another  confirma¬ 
tion  of  the  telecommunications 
industry  experiencing  dramatic 
changes  in  business  models,  strat¬ 
egy  and  operations.” 

That  new  structure  consists  of 
fewer,  larger  players  for  telecom 
vendors  to  sell  into.  It’s  been 


brought  about  by  the  multibillion- 
dollar  acquisitions  of  AT&T  and 
MCI  by  SBC  and  Verizon,  respec¬ 
tively,  and  by  AT&T’s  plans  to 
acquire  BellSouth.  These  mega¬ 
mergers  have  been  fueled  by  in¬ 
creasing  competition  from  cable 
companies,  wireless  operators, 
VoIP  providers  and  low-cost  over¬ 
seas  suppliers. 

Even  competitive  local  ex¬ 
change  carriers  (CLEC)  are  feel¬ 
ing  the  urge  to  merge.  In  February 
CTC  and  Choice  One  announced 
their  intent  to  combine,  and  two 
weeks  ago  they  announced  plans 
to  acquire  Conversent  Communi¬ 
cations  to  create  what  they  say 
will  be  the  second-largest  CLEC  in 
the  United  States. 

On  the  equipment  side,  Asian 


suppliers  such  as  Huawei  Tech¬ 
nologies  and  ZTE  are  becoming 
formidable  competitors  globally, 
consistently  and  drastically  un¬ 
dercutting  traditional  North 
American  and  European  vendors 
on  price  —  and  gaining  signifi¬ 
cant  market  share  overseas. 

As  carriers  consolidate,  the  im¬ 
pact  on  vendors  is  manifold.  Not 
only  do  they  lose  customers,  they 
lose  negotiation  leverage  on  pric¬ 
ing. 

The  megacarriers  can  unify 
their  procurement  activities  for 
wireline  and  wireless  endeavors, 
eliminate  the  buildout  of  parallel 
networks  (which  reduces  de¬ 
mand)  and  vanquish  other  re¬ 
dundancies. 

They  need  to  offer  products  and 


services  to  fulfill  the  new  scope 
and  scale  of  their  combined  cus¬ 
tomers,  eliminate  their  own  re 
dundancies  and  generate  savings. 
Acquiring  one  another  is  seen  as 
a  way  to  do  that  and  remain 
viable  for  the  long  term. 

“The  entire  industry  could  now 
be  in  pla>(  says  Tal  Liani,  an  ana¬ 
lyst  at  Merrill-Lynch,  in  a  research 
report.  “We  see  Ericsson,  Siemens 
and  Motorola  as  potential  consol¬ 
idators  and  believe  that  Juniper, 
Redback,  Ciena,  Extreme,  Foundry, 
ECI  Telecom,  and  Flammerhead 
[Systems]  are  potential  targets.” 

How  Lucent  Alcatel  match  up 

Vendors  will  choose  their  mates 
based  on  gaps  they  need  to  fill  in 
their  product  portfolios.  Lucent 


and  Alcatel  have  some  redundan¬ 
cies  in  optical  and  broadband 
access,  but  their  combination  will 
make  them  No.  1  in  these  markets, 
analysts  note. 

Their  product  offerings  also 
align  well  in  wireless.  Lucent  is 
strong  in  Code  Division  Multiple 
Access/Wideband  CDMA,  while 
Alcatel  has  a  presence  in  GSM, 
which  is  pervasive  in  Europe. 
Alcatel  also  has  core  and  edge 
routers  to  complement  Lucent’s 
multiservice  edge  switches,  and 
the  combined  company  would 
obtain  the  No.  3  position  in  this 
market,  analysts  say 

Both  are  strong  in  professional/ 
integration  services.  That  helped 
Alcatel  win  the  Project  Lightspeed 
IP  TV  deal  at  AT&T,  which 
accounts  for  23%  of  Lucent’s  $9.4 
billion  annual  revenue.  Combined 
services  will  be  a  $5  billion  busi¬ 
ness  for  the  merged  company 

Both  have  common  visions  of 
next-generation  networks  built  on 
IP  Multimedia  Subsystem  (IMS) 
architectures,  and  a  wealth  of 
products  to  build  these  infrastruc¬ 
tures,  company  officials  say  And 
lastly,  the  combined  Alcatel/ 
Lucent  will  generate  $1.7  billion 
in  cost  savings  within  three  years, 
says  Lucent  CEO  Pat  Russo,  who 
will  head  the  combined  compa¬ 
ny  Savings  will  be  sought  by  par¬ 
ing  10%  of  the  combined  work¬ 
force  of  88,000,  as  well  as  through 
elimination  of  redundancies. 

“The  combination  will  create 
the  first  truly  global  communica¬ 
tions  solutions  provider  which  is  a 
clear  leader  ‘in  convergence,” 
Russo  said  during  a  Webcast  an¬ 
nouncing  the  merger. 

Analysts  concur  that  the  timing 
is  right  for  Alcatel  and  Lucent,  and 
the  telecom  equipment  industry 

“Given  that  the  [telecom]  indus¬ 
try  is  currently  in  the  midst  of  a 
buying  cycle  —  IP  TV,  FTTX,  DSL, 
optical  networking,  wireless/IMS 
—  and  an  operator  consolidation 
cycle,  it’s  good  timing _ to  con¬ 

solidate  and  concentrate  the  mar¬ 
ket,”  says  Ken  Twist,  vice  president 
of  the  Technology  Consulting  and 
Broadband  Networks  Practices  at 
Ovum-RHK.  ■ 


I  Read  how  experts  think  the 
merger  will  play  out  for 
corporate  customers.  Page  19 


What’s  out  there 

All  major  storage  vendors  offer  heterogeneous  virtualization. 


Product 
EMC  Invista 

Hitachi  Data  Systems 
TagmaStore* 

IBM  SAN  Volume  Controller 
Sun  StorEdge  6920  System 

•HP  and  Sun  both  rebrand  theTagmaStore 


Implemented  as 

Fibre  Channel  switch  and 
appliance-based. 

Array-based 

Fibre-Channel  switch  and 
appliance-based 

Array-based 


Status 

In  limited  beta  test 
Shipping 
Shipping 
Shipping 


Virtualization 

continued  from  page  1 

word,”  says  Tony  Prigmore,  senior 
analyst  for  the  Enterprise  Strategy 
Group.  “You  have  a  classic  situa¬ 
tion  where  all  the  branded  ven¬ 
dors  are  going  after  their  installed 
base.  That’s  happening  with  IBM’s 
SAN  Volume  Controller;  it’s  hap¬ 
pening  with  HP  Hitachi  Data 
Systems  and  EMC. Vendors  are  just 
now  starting  to  expand  to  support 
arrays  from  other  vendors.” 

So  far,  Hitachi,  HR  IBM  and  Sun 
are  shipping  either  array-based 
storage  virtualization  or  Fibre  Channel  switch¬ 
es  that  pair  with  server  appliances  to  add  intel¬ 
ligent  services  to  the  storage  fabric.  Hitachi  has 
an  intelligent  controller  in  its  TagmaStore  array 
that  virtualizes  the  storage  resources  attached 
to  it.  IBM  and  EMC  manufacture  server-based 
appliances  that  attach  to  Fibre  Channel,  direc¬ 
tor-level  switches  from  Brocade,  Cisco  and 
McData  to  virtualize  storage  resources. 

All  these  companies  say  they  support  het¬ 
erogeneous  storage  virtualization.  Hitachi’s 
TagmaStore,  for  instance,  can  connect  to  IBM 
Enterprise  Storage  Server  and  EMC’s  Sym- 
metrix  and  Clariion  products. 

Dave  Hill,  senior  analyst  for  the  Mesabi 
Group,  points  to  another  stumbling  block  on 
the  way  to  heterogeneous  virtualization: 
Customers  and  vendors  want  to  protect  exist¬ 
ing  assets  and  investments. 

“I’m  not  sure  that  vendors  are  as  anxious  as 
they  say  to  implement  data  migration  or  repli¬ 
cation  services  on  a  switch  or  other  virtualiza¬ 
tion  appliance,”  Hill  says  “Customers  want  to  be 
able  to  use  the  software  —  EMC’s  [Synch¬ 
ronous  Remote  Data  Facility]  —  they  already 
have.  They  are  not  going  to  rip  and  replace  to 
implement  a  virtualization  appliance  that 


doesn’t  give  them  any  additional  capability’ 

Prigmore  agrees.  “The  problem  is,  customers 
have  software  investments  in  their  branded 
arrays, and  they  are  not  going  to  get  rid  of  them 
to  deploy  a  heterogeneous  virtualization  solu¬ 
tion,”  he  says. 

One  such  user  is  John  Blackman,  a  technol¬ 
ogy  strategist  and  storage  architect  for  a  For¬ 
tune  500  company  that  he  cannot  name.“Why 
do  I  need  [EMC’s]  Invista  for  migration  when  I 
can  just  migrate  that  data  to  a  new  array  and 
shut  down  the  old  one?”  he  asks  .“A  lot  of  envi¬ 
ronments  are  still  fairly  siloed,  and  there  is  no 
real  trust  that  vendors  can  actually  cooperate, 
so  everyone  creates  niche  solutions  that  work 
with  only  their  gear(  he  says. 

A  customer  who  does  see  the  bright  side  of 
virtualization  —  albeit  homogeneous  —  is 
Michael  Amble,  director  of  information  ser¬ 
vices  for  Fidelity  National  Financial  in  Jack¬ 
sonville,  Fla.  Amble  has  virtualized  about 
600TB  of  data  on  Hitachi  TagmaStore  and 
Thunder  9585V  systems  to  help  him  imple¬ 
ment  an  information  life-cycle  management 
(ILM)  strategy  “The  business  is  such  that  the 
allocation  of  storage  space  is  really  important 
to  us,"  he  says.“  We  have  a  system  that  has  to  be 


sized  for  that  business.  Having  the 
ability  to  move  disk  storage 
between  tiers  is  terribly  important 
for  us.” 

Because  about  80%  of  Amble’s 
business  takes  place  in  the  last  five 
days  of  the  month,  historical  title 
data  is  migrated  from  less  expen¬ 
sive  and  slower  Thunder  9585V 
arrays  to  the  more  expensive  and 
quickly  accessed  TagmaStore 
when  it  is  needed  to  process  new 
title  work. 

Amble  says  his  company  contin¬ 
ues  to  acquire  other  businesses, 
but  it’s  not  considering  virtualizing 
the  storage  gear  gained  in  those  acquisitions. 
“We  have  moved  legacy  equipment  into  differ¬ 
ent  environments  but  not  into  our  core 
TagmaStore  network,”  he  says.“We  are  sensitive 
to  mixing  and  matching  equipment,  because 
we  don’t  want  to  jeopardize  our  secure 
[Hitachi]  environment.” 

There  are  also  customers  for  whom  even  the 
promise  of  homogeneous  virtualization  within 
a  single  vendor’s  products  is  not  sufficient.“We 
are  actively  looking  at  Incipient  and  EMC 
Invista  as  future  virtualization  candidates,  but 
they  are  still  fairly  young  solutions  in  the  mar¬ 
ket,  and  the  feature  set  they  bring  doesn’t  meet 
our  entire  need  yet,” says  Michael  Passe, storage 
architect  for  Caregroup  Healthcare  Systems  in 
Boston. 

Passe  has  a  homogeneous-storage  environ¬ 
ment  consisting  of  tiered  EMC  Symmetrix, 
Clariion  and  Center  storage. 

“Basically  we  would  like  virtualization  to 
enable  EMC  Symmetrix  DMX-to-Clariion  real¬ 
time  replication,  which  EMC  does  not  support 
today  with  such  products  as  MirrorView  or 
SRDFPasse  says. “At  some  point,  virtualization 
will  enable  us  to  move  forward  to  the  next  part 
of  the  ILM  vision  that  EMC  has  laid  out.”B 
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Microsoft  exec  warns  of  rootkits 


BY  ELLEN  MESSMER 

ORLANDO  —  If  your  system 
gets  infiltrated  by  a  rootkit,  you 
might  as  well  just  “waste  the  sys¬ 
tem  entirely?’  a  Microsoft  official 
told  fellow  security  professionals 
last  week  at  the  annual  InfoSec 
Conference  here. 

Microsoft’s  Mike  Danseglio,  pro¬ 
gram  manager  in  the  company’s 
security  solutions  group,  was 
among  a  host  of  security  experts 
from  big-name  companies  who 
swapped  advice  about  protecting 
networks  with  1,700  showgoers. 

According  to  Danseglio,  the 
hacker  rootkit  is  “probably  the 
nastiest  piece  of  malware  you’ll 
get,”  because  it  is  designed  to 
hide  unwanted  files  —  or  any 
sign  a  computer  has  been  com¬ 
promised  —  stealthily. 

Microsoft  dedicates  four  staffers 
to  analyze  rootkit  samples  found 
in  customer  computers  or  on  the 
Internet.  In  his  presentation,  Dan¬ 
seglio  offered  a  list  of  the  most- 
wanted  rootkits  (see  graphic), 
adding  that  90%  of  what  Microsoft 
finds  relates  to  Hacker  Defender,  a 
rootkit  from  the  Czech  Republic- 
based  programmer  who  calls 
himself  Holy  Father. The  program¬ 
mer  charges  several  hundred  dol¬ 
lars  to  make  Gold  versions  of  his 
basic  rootkit. 

Writing  rootkits  isn’t  a  crime,  but 
using  them  to  hide  code  in  a  com- 


Microsoft’s 
most-wanted  list 

Rootkits  that  hide  in 
Windows: 

•  Hacker  Defender _ 

^_FU _ 

•HE4Hook _ 

•  Vanquish 
•AFX 

•  NT  Rootkit _ 

Tools  that  can  detect 
rootkits: 

•  PatchFinder2  and  Klister/Flister, 
proof-of-concept  tools  from  Polish 
researcher  Joanna  Rutkoska 

•  RootkitRevealer  from  Sysinternals 

•  Blacklight  from  F-Secure 

•  Microsoft  File  Checksum  Integrity 
Environment 

•  Bootable  Antivirus  &  Recovery  Tools 

from  Alwil  Software _ 

•  Knoppix  Security  Tools  Distribution 
(open  source) 


puter  that’s  been  hacked  by  other 
means  is,  Danseglio  said.  Holy 
Father  last  month  indicated  he’s 
retiring  from  his  Web  site  busi¬ 
ness,  leading  some  to  speculate 
that  he’s  been  hired  for  some  pur¬ 
pose  somewhere. 

According  to  Danseglio,  root¬ 


kits  have  been  embedded  in 
many  networks,  with  college 
campuses  especially  hard-hit. 
The  University  of  Washington  has 
become  notorious  for  its  stu¬ 
dents  using  rootkits  to  hide 
pornography  and  music  on  the 
university’s  servers,  he  said. 

Danseglio  offered  a  list  of  tools, 
including  a  few  from  Microsoft, 
that  can  detect  rootkits.  But  he 
said  there  are  no  simple  ways  to 
address  the  menace.  “There  are 
no  rootkit-resistant  operating  sys¬ 
tems,”  Danseglio  said. 

Lessons  shared 

Kerry  Anderson, a  Fidelity  Invest¬ 
ment  Brokerage  vice  president  in 
the  information  security  group, 
spoke  on  the  topic  of  setting  up  a 
computer  forensics  program  to 
tackle  crime,  including  child 
pornography  terrorism  and  finan¬ 
cial  fraud. 

A  company’s  first  priority  should 
be  establishing  a  policy  and  inter¬ 
nal  training  for  auditing  and  inves¬ 
tigating  suspected  computer 
crime,  coordinating  among  the 
legal,  human  resources  and  IT 
departments, she  said. 

She  advised  extending  that  pol¬ 
icy  to  include  working  with  out¬ 
sourcing  providers,  vendors  and 
business  partners  to  ascertain 
their  computer-investigation  pro¬ 
cedures  and  get  the  right  to  audit 


and  monitor  their  computers  if 
necessary.  “Our  contracts  today 
are  requiring  the  right  to  do  risk 
assessment  and  visitation  audits,” 
she  pointed  out. 

The  insider  threat  is  a  top  con¬ 
cern  at  State  Street,  which  man¬ 
ages  more  than  $10  trillion  in 
assets.  State  Street  Senior  Tech¬ 
nology  Officer  Doug  Sweetman 
said  securities  laws  require  the 
firm  to  conduct  background 
checks  on  employees  and  pro¬ 
spective  employees. 

But  these  days,  that  might  go 
beyond  a  criminal-history  check 
and  include  scouring  the  Web  to 
find  blogs  an  applicant  has  writ¬ 
ten  or  evidence  of  a  gambling 
habit  or  visiting  hacker  sites  — 
all  of  which  might  raise  a  red 
flag. “I  don’t  feel  any  restrictions 
going  after  your  blog  or  pulling 
all  these  data  together,”  he  said. 

One  headache  at  State  Street  is 
the  freeware  that  employees 
download  and  the  company 
wants  to  remove  as  a  potential 
security  risk.  Google  Desktop  3.0 
search  software  is  among  the 
programs  State  Street  watches 
out  for:  “It  allows  for  file-sharing 
and  takes  the  file  up  to  the 
Google  complex,”  Sweetman 
said. 

“You’ve  got  to  think  about 
where  that  file  is  when  Google 
indexes  content,”  he  said.B 


2600 

continued  from  page  12 


ually  as  they  need  to  be  replaced.” 

As  with  Rubbermaid,  prestaging 
and  testing  gear  is  essential,  Par¬ 
sons  says.  When  making  such 
changes  to  a  WAN,  administrators 
must  prepare  for  network  down¬ 
time  and  potential  issues  with 
new  technology  he  says. 

“There  may  be  10S  versions  in 
the  newer  equipment  that  may  not 
support  features  you  had  before, 
so  that  has  to  be  examined  and 
figured  out  beforehand,”  he  says. 

Cisco  watchers  say  the  move  from  the  2600 
series  to  the  ISR  2800  is  another  step  in  the  ven¬ 
dor’s  goal  to  make  routers  a  valuable  and 
strategic  technology  for  business,  instead  of  a 
commodity  product. 

“The  2600  was  a  workhorse  for  Cisco,  but  it’s 
time  for  a  refresh,”  says  Frank  Dzubeck,  presi¬ 
dent  of  Communications  Network  Architects. 
“Part  of  the  issue  is  that  the  2600  was  never 
really  a  platform,”  he  says.“You  sold  it,  it  was 
installed  out  in  the  field, and  you  never  real- 


Cisco’s  2600  series  phaseout  schedule 

Key  dates  for  users  of  Cisco  2600  routers,  as  Cisco  ends  the  product's  sale  and  support. 


March  27  End  of 

life  announcement 


June  26  End  of 

shipments 


r  March  26  End  of  new 
service  attachments 
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March  27  EndJ 


of  sales 


2008  2009 

March  26  End  of  routine 
failure  analyses 


March  27  End  of 

software  maintenance 
releases 
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2010 


March  25  End  of 

support 


2011  f 
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2012 


ly  touched  it  again;  it’s  hard  for  Cisco  to  sell 
into  that.” 

The  ISR  2800  series  offers  more  expansion 
options  —  such  as  modules  that  add  Voipbuilt- 
in  IP  PBX  and  voice  mail,  caching,  firewalls, 
and  intrusion-detection  and  intrusion-preven¬ 
tion  capabilities  —  all  without  taxing  proces¬ 
sor  and  memory  power  for  core  WAN  routing, 
Dzubeck  says. 

Cisco  says  its  ISR  line,  introduced  in  2004,  has 
reached  more  than  $1  billion  in  sales,  and  the 
vendor  has  shipped  more  than  500,000  ISRs  — 


June  25  End  of  service 
contract  renewals 


the  fastest  single  product  run  rate  in  the  com¬ 
pany’s  history 

While  this  has  helped  Cisco  keep  its  more 
than  70%  market  share  in  enterprise  WAN  rout¬ 
ing,  the  company  also  has  seen  a  ramp-up  in 
competition  from  Juniper  with  the  release  of 
its  SSG  —  an  integrated  Juniper  WAN  router 
and  NetScreen  firewall.  Nortel’s  acquisition  of 
enterprise  router  maker  Tasman  Networks  last 
year  and  Alcatel’s  recent  launch  of  its  Omni- 
Access  WAN  router  series  also  are  attempts  to 
dig  into  Cisco’s  base.B 
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Eliminate 
multiple 
softwa  re 
license  fees. 

Legally. 

Why  pay  again  for  something  you  already  own?  The  Pillar  Axiom™ 
storage  system  lets  you  add  performance  and  over  300  TB  of 
capacity  per  system  without  requiring  you  to  pay  for  additional 
software  license  fees.  It  combines  both  SAN  and  NAS  environments 
and  empowers  you  to  manage  multiple  tiers  of  data  through  a  single, 
easy-to-use  interface.  And  it  delivers  top-tier  performance  that  can 
improve  your  bottom  line,  often  for  less  than  what  many  companies 
pay  just  to  operate  and  maintain  their  storage  systems. 

To  hear  about  our  new  approach  to  managing  data  storage,  you 
owe  it  to  yourself  to  schedule  a  half-hour  briefing. 

Call  1-877-252-3706  or  visit  www.pillardata.com/legally 


Learn  the  truth  about  networked  storage. 


ar 

A  DATA  SYSTEMS 


C  2006  Pillar  Data  Systems  Inc.  All  rights  reserved.  Pillar  Data  Systems 
and  the  Pillar  logo  are  all  trademarks  of  Pillar  Data  Systems. 


w  a* i 

.•w-  *. 

iff  ;r  i| 


h*>  -  ,‘T;  tyf 

pp?5  -;.  •  ‘  y  Vi-:\ 

•  •  I 


.  ■  - 


Multiple  layers  of  security  make  life  harder  for  threats. 
Multiple  layers  of  security  make  Ilf 
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Anti-Spam  &  Anti-Spyware 


Network  Access  Control 
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.■loo  list  of  attacks 


Security  threats  are  mounting  in  number— and  they're  evolving  in  complexity.  Your  security  must  evolve  as  well. 

This  used  to  mean  managing  multiple  products  without  integration,  which  created  operational  challenges,  risk,  and 
increasing  costs.  Not  any  more.  With  McAfee  Total  Protection  for  Enterprise,  you'll  have  comprehensive,  integrated 
protection.  You'll  control  everything — from  anti-virus  to  network  access  control  to  anti-spyware — all  from  a  single 
management  console.  McAfee  Total  Protection  solutions  are  engineered  to  provide  maximum  manageabi  tv  and 
deliver  total  endpoint  security  without  compromise.  McAfee,  the  dedicated  security  company  that  blocked  or  contained 
100%  of  the  top  attacks  in  2005,  delivers  proven  results  backed  by  more  than  15  years  of  experience.  Secure  your 
business  advantage.  Learn  more  at  www.mcafee.com/total 


Proven  Security 


„Top  listed  attacks  as  reported  by  Wildlist.org  and  McAfee  AVERT  labs.  McAfee  and/or  additional  marks  herein  ate  registered  trademarks  or  trademarks  cf  Me  Afee  Inc  and/of 

McAfee  Redid  connection  with  security  is  distinctive  of  McAfee  btand  products.  All  other  registered  and  unregistered  trademarks  herein  are  the  sole  property  of  thee  respective  owners  ®  J0O6  McAlee.  Inc  All  rights  reserved 


The  Answer:  Proven  security. 
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SECURITY  ■  SWITCHING  ■  ROUTING  BVPNS  ■  BANDWIDTH  MANAGEMENT  ■  VOIP  ■  WIRELESS  LANS 


Short  Takes 


■  HP  plans  to  release  business 
notebook  PCs  later  this  year  with 
integrated  global  broadband  wireless 
connectivity,  the  company  said  last 
week.  HP  will  team  with  Cingular 
Wireless  to  add  integrated  Universal 
Mobile  Telecommunications  System/- 
High  Speed  Downlink  Packet  Access 
technology  to  certain  notebooks.  The 
move  will  simplify  wireless  network¬ 
ing  for  overseas  travelers  and  help 
HP  better  compete  against  products 
such  as  Dell’s  Latitude  notebook. 
UMTS  is  the  network  standard  that 
uses  Wideband  Code  Division 
Multiple  Access  technology  to  boost 
capacity  and  data  speed  compared 
with  2G  mobile  networks.  HSDPA  is 
a  mobile  broadband  standard  capa¬ 
ble  of  reaching  downlink  speeds  of 
14.4Mbps. 

■  Code  Green  Networks  debuted 
last  week  with  a  gateway  appliance 
for  monitoring  unauthorized  out¬ 
bound  transmissions  of  sensitive 
content.  The  appliance  starts  at 
$50,000.  It  monitors,  but  doesn’t 
block,  outbound  content  sent  via  e- 
mail,  FTP,  Web  mail  or  other  proto¬ 
cols.  Code  Green,  funded  with  $30 
million  in  venture  capital  from  Day 
Partners,  Sierra  Ventures  and  others, 
joins  a  growing  crowd  of  competitors 
in  what's  sometimes  called  the 
extrusion-prevention  market. These 
include  Fidelis,  PortAuthority, 
Reconnex,  Vericept  and  Vontu. 

■  McAfee  has  purchased  Web  site 
rating  company  SiteAdvisor,  the 
two  companies  announced  last 
week.  Founded  by  a  group  of  Mass¬ 
achusetts  Institute  of  Technology 
engineers  in  April  2005,  SiteAdvisor 
develops  automated  software  that 
tests  Web  sites  to  see  whether  they 
install  spyware  or  computer  viruses. 
Last  month  the  company  released  a 
free  browser  toolbar  designed  to 
warn  users  when  they  visit  Web 
sites  that  seem  risky.  McAfee  hopes 
to  extend  the  SiteAdvisor  technolo¬ 
gy  to  create  a  new  line  of  “safe 
search"  products,  the  first  of  which 
is  expected  in  2006. 


All  eyes  on  Alcatel-Lucent  merger 


BY  PHIL  HOCHMUTH 

With  the  mega-merger  of  Lucent  and 
Alcatel  in  the  books,  corporate  users  of 
Alcatel  voice  and  data  gear  say  the  deal 
could  be  a  boon  for  the  French  vendor’s 
market  presence  in  the  United  States. 

In  addition  to  merging  a  plethora  of 
carrier  access,  edge,  backbone  and  opti¬ 
cal  product  lines,  the  Alcatel-Lucent 
merger  creates  an  interesting  package  of 
IP  voice,  switching,  routing  and  security 
products.  But  with  Lucent  mostly  out  of 
the  enterprise  business  since  2000,  and 
Alcatel’s  scant  market  share,  some 
observers  question  whether  the  merger 
will  be  just  a  blip  on  the  screen  for  large 
IT  buyers. 

Lucent  and  Alcatel  agreed  last  week  to 
a  $13.4  billion  merger,  in  which  Lucent 
CEO  Patricia  Russo  would  become  the 
head  of  the  joined  company.  But  the  deal 
—  called  a  merger  of  equals  —  is  essen¬ 
tially  a  buyout  of  Lucent  by  Alcatel, 
which  has  almost  twice  the  market  value 
of  its  U.S.  rival. 

“The  Lucent  footprint  could  help  Alcatel 
a  little  in  the  U.S.,but  it’s  not  like  Lucent  is 
that  well  known  to  U.S.  enterprises  either,” 
says  Zeus  Kerravala,  an  analyst  with  The 


Corporate  offerings 

A  combined  Alcatel-Lucent 
would  have  an  almost  complete 
package  of  enterprise  voice,  data 
and  security  gear. 

Voice 

Alcatel  OmniPCX  Enterprise:  Hybrid  IP/TDM 
PBX  with  Session  Initiation  Protocol  support. 

Data 

Alcatel  OmniSwitch:  Stackable  and  chassis-based 
Layer  2  to  4  LAN  switches,  scaling  up  to  10G 
Ethernet. 

Alcatel  OmniAccess:  WAN  routers  with  T-1/T-3 

Security 

Lucent  VPN  Firewall  Brick:  Layer  2 
firewall/VPN/QoS  appliance. 

Lucent  Security  Management  Server:  VPN  and 

QoS  provisioning  platform. 

Lucent  IPSec  Client:  Remote  access  software. 

Yankee  Group.  “The  Lucent  brand  has 
been  gone  from  the  enterprise  for  so  long, 
it  might  not  give  Alcatel  much  of  a  boost.” 
If  a  company  is  going  to  go  through  a 


process  and  end  up  picking  Alcatel, 
Kerravala  says, “it’s  going  to  be  because  the 
[buyer]  has  done  their  due  diligence  and 
found  some  feature  or  benefit  from  Alca¬ 
tel,”  and  not  because  of  name  recognition 
or  marketing. 

Price  and  performance  are  the  reasons 
users  would  install  Alcatel  gear  in  the 
United  States. 

“I’m  just  waiting  with  interest  to  see 
what’s  going  to  happen”  to  Alcatel’s  enter¬ 
prise  business  after  the  merger,  says  David 
Happala,  network  technician  for  the 
Crosby  Independent  School  District, 
which  is  near  Houston. 

Three  years  ago,  the  school  district  stan¬ 
dardized  on  Alcatel  OmniSwitch  Layer  3 
Gigabit  Ethernet  backbone  and  10/- 
lOO/lOOOMbps  wiring  closet  switches, 
when  Happala  was  looking  to  build  a  dis¬ 
trict-wide  Gigabit  Ethernet  WAN  with 
fiber  provided  by  the  local  cable  TV 
provider. 

“1  liked  what  Alcatel  was  doing  at  the 
time  with  Layer  3  and  Layer  4  switching,” 
Happala  says.“Cisco  was  doing  it  too,  but  it 
was  too  expensive.  When  we  put  our  re¬ 
quirements  out  for  bid,  Alcatel  came  in  at 
See  Merger,  page  22 


Symantec  tunes  up  its  IM  monitoring 


BY  TIM  GREENE 

Symantec  is  making  it  easier  to  monitor 
and  control  real-time  applications  being 
used  on  corporate  networks. 

With  Release  8.0  of  its  1M  Manager  soft¬ 
ware,  the  company  is  adding  tools  to  apply 
security  policies  to  VoIP  and  videoconfer¬ 
encing  and  expanding  its  ability  to  do  the 
same  to  instant  messaging  and  text  mes¬ 
saging,  the  company  says. 

The  benefits  of  the  new  capabilities  are 
twofold,  according  to  Eric  Ogren,  an  ana¬ 
lyst  with  Enterprise  Strategy  Group.  First,  it 
gives  businesses  a  way  to  discover  just 
how  much  peer-to-peer  traffic  is  on  their 
networks,  information  they  might  not  be 
able  to  get  now.  And  IM  Manager  logs  traf¬ 
fic,  creating  records  that  can  be  used  to 
meet  regulatory  restrictions  on  how  sensi¬ 
tive  data  is  handled. 

“You  can’t  prevent  use  of  Skype  and 
Yahoo  Instant  Messenger,  but  you  can 
control  the  corporate  risk,”  Ogren  says. 


“And  you  might  not  want  to  block  them. 
You  don’t  have  to  worry  about  software 
installation  and  you  get  business  benefits 
for  free.” 

For  example,  network  security  executives 
can  set  a  policy  within  IM  Manager  that 
enables  application  sharing  between 
users  via  Microsoft  Office  Communicator 
and  logs  all  the  session  data,  including 
who  was  invited  to  the  session,  Symantec 
says.  Similarly,  the  new  software  allows 
users  to  use  e-mail  and  IM  aspects  of 
Google  Talk,  but  not  the  VoIP  part  of 
Google  Talk. 

“This  feature  allows  IT,  not  to  block  these 
employees  from  what  they’re  doing  but 
keep  track  of  it,”  Ogren  says. 

It’s  common  to  keep  track  of  sent  e-mails 
and  attachments,  but  not  IM  messages  and 
attachments,  says  Chris  Liebert,  a  senior 
network  security  analyst  with  The  Yankee 
Group. “This  gives  you  the  benefit  of  audit¬ 
ing  what  is  sent,”  she  says. 


The  8.0  IM  Manager  software  integrates 
its  archived  IM  transcripts  with  another 
Symantec  product,  Enterprise  Vault,  which 
archives  e-mails.  The  company  says  this 
lets  customers  store  and  search  these  ar¬ 
chives  from  a  single  console  rather  than 
opening  IM  Manager  to  look  for  archives 
and  opening  Enterprise  Vault  to  search 
through  stored  e-mails. 

The  new  software  also  can  block  new  IM 
viruses  based  on  behavior  it  detects  on  a 
network.  So  if  a  virus  with  no  known  sig¬ 
nature  starts  sending  messages  with  a  con¬ 
sistent  pattern  to  everyone  on  a  user’s 
buddy  list,  the  software  could  block  that 
traffic  as  a  likely  virus  by  blocking  the 
machine  from  sending  IMs.  A  person 
would  have  to  investigate  to  see  whether 
the  behavior  represented  an  actual  virus. 

Symantec  competes  in  these  areas  with 
CipherTrust  and  Trend  Micro. 

With  the  new  release,  the  company  is 
See  Symantec,  page  22 


A  Global  Hotel  Company  Analyzing  1.4  Million  Records  a  Day. 
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How  does  Hilton  forecast  demand  for  its  370,000  rooms  and  its  catering  services?  They 
import  data  from  six  systems  into  one  data  warehouse  requiring  7  million  rows,  and 
running  on  SQL  Server™ 2005  with  99.98%  uptime.*  See  how  at  microsoft.com/bigdata 
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SECURITY  INSIDER 

Mike  Rothman 


Sen.  Joseph  McCarthy  died  in 
1957,  but  clearly  his  spirit  lives 
on.  Since  the  communist  witch 
hunts  of  the  '50s  there  have  been 
a  number  of  waves  of  xenopho¬ 
bia,  protectionism  and  isolation¬ 
ism.  Buckle  up  —  here  comes 
another  wave. 

This  time  the  driver  is  the  con¬ 
trol  of  security  technology  used 
by  the  federal  government.  For 
some  reason  there  is  an  irrational 
fear  that  foreign-owned  security 
intellectual  property  puts  the 
United  States  at  risk. 

First  case  is  the  demise  of  the 
Check  Point-Sourcefire  merger. 


Symantec 

continued  from  page  19 

changing  the  pricing  of  IM 
Manager  to  $40  per  seat,  includ¬ 
ing  the  IM  Manager  server.  It  pre¬ 
viously  cost  $25  per  seat  with  a 
$7,500  fee  for  server  software. 

In  other  Symantec  news,  the 
company  shuffled  its  executive 
ranks  last  week  to  simplify  opera¬ 
tions.  The  changes  include  the 
departure  of  three  senior  execu¬ 
tives  and  the  appointment  of  a 
new  CTO,  Ajei  Gopal. 

The  changes,  which  occurred 
last  month  but  had  not  been  pub¬ 
licly  disclosed,  are  part  of  the 
company’s  ongoing  efforts  to 
manage  its  2005  acquisition  of 
storage  software  vendor  Veritas 
Software.  Over  the  past  few 
months  a  number  of  senior 
Symantec  executives  have 
departed,  including  Bloom,  for¬ 
merly  CEO  of  Veritas,  and  former 
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Reader  recognition 

Want  notice  for  your  exceptional  IT  proj¬ 
ect?  Enter  our  second-annual  Enterprise 
All-Star  Award  competition.  Nominations 
will  be  accepted  through  May  10. 
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Xenophobia’s  bad  for  security  business 


The  United  States  made  the 
approval  process  so  miserable 
for  both  parties  that  they  threw  in 
the  towel.  Evidently  the  FBI  and 
the  Department  of  Defense  ex¬ 
pressed  concern  that  having 
Check  Point,  an  Israeli  company, 
control  Sourcefire’s  intrusion- 
prevention  software  puts  their 
networks  at  risk. 

Riddle  me  this,  Batman. There  is 
a  lot  more  Check  Point  than 
Sourcefire  software  used  in  U.S. 
government  networks.  Also,  a 
decent  part  of  Sourcefire’s  tech¬ 
nology  is  open  source  (the 
Snort  intrusion-detection  system 
engine),  so  it’s  available  to  any¬ 
one  with  an  Internet  connection. 
So  the  fear  is  what?  That’s  right, 
irrational. 

It  will  be  interesting  to  see  how 
the  political  tides  turn  relative  to 
the  Alcatel-Lucent  deal.  Given  the 
stink  put  up  about  Check  Point- 
Sourcefire,  a  foreign  acquisition 


of  Lucent  —  which  provides  a 
decent  part  of  the  voice  back¬ 
bone  of  the  United  States  and 
also  runs  Bell  Labs  —  would 
seem  about  as  likely  as  Vice 
President  Dick  Cheney  going  on 
another  hunting  trip. 

The  paranoia  does  not  stop  at 
the  infrastructure.  A  contract 
Lenovo  (the  former  IBM  PC  com¬ 
pany  acquired  by  a  Chinese 
firm)  won  to  supply  PCs  to  the 
State  Department  is  being  investi¬ 
gated  because  of  fears  the 
Chinese  will  install  a  back  door 
in  those  machines.  Never  mind 
that  the  PC  would  be  built  in 
North  Carolina.  Score  one  more 
for  xenophobia. 

It’s  not  restricted  to  the  United 
States.  U.K.  regulatory  entities 
now  have  an  issue  with  U.S.  com¬ 
pany  SafeNet  buying  nCipher,  a 
U.K.  encryption  vendor. 

1  was  under  the  impression 
that  the  United  Kingdom  and  the 


United  States  are  allies,  but  1 
guess  all  bets  are  off  relative  to 
source  code. 

This  is  poised  to  be  a  big  prob¬ 
lem  for  the  networking  economy 
Putting  the  kibosh  on  cross- 
border  mergers  restricts  technol¬ 
ogy  companies  from  acquiring 
the  global  reach  and  broad  prod¬ 
uct  lines  that  meet  the  needs  of 
enterprise  customers.  Play  the  sit¬ 
uation  out  a  bit  and  non-U.S. 
technology  companies  are 
forced  to  invest  their  money  else¬ 
where,  which  provides  fewer  exits 
for  innovative  start-ups.  Venture 
capitalists  have  less  money  to 
invest  in  these  companies,  so 
innovation  slows.  And  so  the 
cycle  goes. 

Foreign  technology  companies 
doing  business  in  the  United 
States  should  be  worried.  Clearly 
they  can’t  acquire  U.S.-based 
companies  to  gain  a  foothold  in 
the  United  States.  They’ll  also 


have  problems  selling  products 
to  the  U.S.  government  (just  ask 
Lenovo).  How  long  before  the 
tables  turn  and  it  becomes  a  lot 
harder  for  U.S.  technology  com¬ 
panies  to  do  business  abroad? 

What  was  poised  to  be  a  global 
economy  looks  very  regional 
now.  I  try  to  stay  away  from  politi¬ 
cal  opinion,  but  I  believe  the  cur¬ 
rent  administration  has  a  pretty 
serious  choice  to  make.  It  is  not 
acting  like  a  friend  of  business, 
and  the  tech  ecosystem  encom¬ 
passes  a  lot  of  voters.  If  this  xeno¬ 
phobia  continues,  it  certainly 
doesn’t  bode  well  for  the  incum¬ 
bents  in  an  election  year. 

Rothman  is  president  and  princi¬ 
pal  analyst  of  Security  Incite,  an 
analyst  firm  focusing  on  informa¬ 
tion  security.  Read  his  blog  at 
http:/ / feeds,  feedburner.com/secu 
rityinciterants  or  send  e-mail  to 
mike.  rothman@securityincite.  com. 


CFO  Greg  Myers. 

As  part  of  the  reorganization, 
Symantec  now  has  halved  the 
number  of  business  units  it  oper¬ 
ates  and  streamlined  sales  oper¬ 
ations  to  improve  performance, 
the  company  says.  The  most 
high-profile  change  is  the  com¬ 
pany’s  selection  of  Gopal  to  re¬ 
place  previous  CTO  Mark  Breg- 
man,who  has  moved  to  a  techni¬ 
cal  sales  role  within  the  compa¬ 
ny’s  Worldwide  Sales  and  Ser¬ 
vices  organization.  Gopal  now 
finds  himself  in  a  familiar  posi¬ 
tion.  He  had  been  CTO  before 
losing  his  job  to  Bregman  follow¬ 
ing  the  Veritas  purchase.  Before 
the  acquisition,  Bregman  had 
been  Veritas’  CTO. 

The  senior  executives  who 
departed  in  the  past  month  in¬ 
clude  Steve  Leonard,  senior  vice 
president  for  the  Asia  Pacific  and 
Japan  region;  Lindsey  Arm¬ 
strong,  the  company’s  senior  vice 
president  for  Europe,  the  Middle 
East  and  Africa;  and  Don  Frisch- 
mann,  who  served  as  senior  vice 
president  of  communications 
and  brand  management. 

Leonard  has  been  replaced  by 
Bill  Robbins, and  Armstrong’s  job 
is  now  being  handled  by  John 
Brigden.  Frischmann’s  communi¬ 
cations  responsibilities  have 
been  assigned  to  Chief  Market¬ 
ing  Officer  Janice  Chaffin, 
Symantec  says. 


With  the  new  corporate  struc¬ 
ture,  Symantec  has  reduced  the 
number  of  business  units  it  oper¬ 
ates  from  six  to  three:  the  Con¬ 
sumer  Products  and  Solutions 
group,  headed  by  Enrique  Salem; 
the  Enterprise  Security  and  Data 
Management,  headed  by  Jeremy 


Burton;  and  the  Data  Center 
Management  group,  run  by  Kris 
Hagerman. 

The  changes  will  not  affect  the 
branding  of  Symantec’s  prod¬ 
ucts,  but  some  customers  will 
notice  a  difference  on  the  sales 
side.  As  of  April  1,  the  company’s 


sales  structure  has  been  stream¬ 
lined  so  that  customers  will  no 
longer  deal  with  separate  repre¬ 
sentatives  for  the  company’s 
Veritas  and  Symantec  products. 

The  IDG  News  Service  con¬ 
tributed  to  this  report 


Merger 

continued  from  page  19 

one-third  of  the  cost  of  the  Cisco  bid.” 

Lucent  for  years  was  a  well-known  corporate 
brand,  with  its  Definity  PBX  and  Cajun  line  of  LAN 
switches,  but  the  vendor  spun  off  all  product  lines 
with  the  divestiture  of  Avaya  in  2000.  (Avaya  has 
since  stopped  selling  data  products). 

In  a  Webcast  news  conference  in  Paris  last  week, 
Alcatel  Chairman  Serge  Tchuruk  and  Lucent  CEO 
Russo  only  briefly  mentioned  enterprise  cus¬ 
tomers  in  reference  to  the  two  companies’  work 
on  developing  IMS  technology,  which  defines  how 
IP  networks  handle  voice  calls  and  data  sessions, 
and  next-generation  all-IP  networks. 

Their  remarks  were  aimed  mostly  at  network 
operator  customers,  especially  big  companies  re¬ 
quiring  global  support. 

Alcatel  spokesman  Mark  Burnworth  said  it  was  still 
too  early  to  delve  into  any  details,  such  as  which 
product  lines  could  be  expanded  or  dropped. 

Whether  or  not  a  merged  Alcatel-Lucent  divests  its 
enterprise  gear,  some  users  think  the  Lucent  brand 
still  holds  weight. 

“I  think  it  will  be  beneficial,”  having  Lucent  and 
Alcatel  merged,  says  Michael  Robinson,  director  of 
communications  for  Jackson  State  University  in 
Jackson,  Miss.  The  university  uses  Alcatel  Omni- 


Switch  LAN  switches  and  the  OmniPCX  Enter¬ 
prise  IP  PBX  phone  system,  which  provides  ana¬ 
log  phone  service  to  dormitories,  and  a  mix  of 
digital  and  IP  voice  to  staff  and  faculty  office. 

“The  main  thing  it  will  give  Alcatel  is  more 
name  recognition  here  in  the  U.S. ,”  Robinson  says 
of  the  Alcatel-Lucent  merger.  “Alcatel  has  very 
good  products,  but  not  many  people  out  there 
have  purchased  Alcatel  equipment  or  even  know 
where  to  get  it.”  In  Mississippi,  only  one  tele- 
com/datacom  integrator  offers  Alcatel  products, 
Robinson  says. 

Also  at  issue  with  the  Alcatel-Lucent  merger  are 
the  vendors’  relationships  with  the  French  and  U.S. 
governments,  respectively.  Both  vendors  sell  gear  to 
their  federal  governments  and  support  it,  and  a 
merged  company  could  raise  issues  with  the  gov¬ 
ernments,  analysts  say 

“[Lucent]  said  they  would  create  a  proxy  board 
in  charge  of  sorting  out  government  business  by 
degree  of  sensitivity”  says  Stephane  Teral,  an  ana¬ 
lyst  with  Infonetics  Research. 

Alcatel  also  has  defense-related  business  with 
the  French  government  that  is  being  divested  of 
and  merged  into  EADS,  the  French  airplane  and 
IT  outsourcing  giant. 

Material  from  the  IDG  News  Service  was  used  in 
this  report. 
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BroadbandAccess  built  in.  Only  from  Verizon  Wireless 


•  For  the  first  time  ever,  access  to  Verizon  Wireless'  BroadbandAccess  service  is  built  in  to  the  most 
innovative  notebooks  from  Lenovo  ThinkPad  and  HP.  So  you  can  work  wirelessly  without  a  PC  card 
or  the  hassle  of  Wi-Fi  hotspots. 

•  With  BroadbandAccess  built  in,  there's  never  been  an  easier  or  more  convenient  way  to  work  on 
the  nation's  largest  high-speed  wireless  broadband  network. 

•  Already  have  a  notebook  but  are  still  interested  in  the  power  of  BroadbandAccess?  You  can  get  a. 
Broadband  Access-capable  PC  card  that  slides  directly  into  most  notebooks. 
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available  in  181  major  metro  areas  covering  over  148  million  people.  Wireless  service  not  included  with  notebook.  Access  limited  to  coverage  area  of  Verizon  Wireless, 
Check  with  Verizon  Wireless  for  availability  and  coverage  in  your  area.  Coverage  limitations  &  maps  at  www.verizonwireles5.com.  limited, time  offer.- 


The  Xerox  Phaser  8500*  network  color  printer 
delivers  heavyweight  specs  at  a  featherweight  price. 
Which  means  it  can  take  on  anybody. 

Xerox  Color.  It  makes  business  sense. 


To  make  the  tough  Xerox  Phaser  8500  even  tougher  to 
resist,  we  reduced  it  to  $599  after  a  $300  rebate.  It  still 
delivers  up  to  24  color  pages  a  minute  and  an  industry¬ 
leading  first-page-out  time  that  delivers  stunning  600  dpi 
color  in  just  6  seconds.  It  has  Driver  Color  Controls  to 
match  output  color  to  the  color  on  your  computer  screen. 


And  talk  about  endurance!  With  one  of  the  largest  paper 
capacities  in  its  class,  the  Phaser  8500  just  keeps  going.  It’s 
easy  to  install  and  maintain.  Solid  Ink  technology  makes  it 
environmentally  green.  Naturally,  it’s  from  a  winning  line 
of  color  printers  and  multifunction  systems.  To  learn  more, 
contact  us.  We’re  sure  our  little  champ  will  knock  you  out. 


*For  rebate  details  visit  the  website  below. 


XEROX. 


call:  v 3 8- 247-51 07  _  |  Technology  |  Document  Management  I  Consulting  Services 

click:  xerox.com/office/1989  1 

contact  Your  local  reseller 


Limited  time  offer  Offer  s  valid  for  end  users  who  purchase  any  new  Xerox  Phaser  8500N  or  Phaser  8500DN  between  4/1/06  and  5/31/06  Xerox  must  receive  completed  refund  request  and  copy  of  the  dated  invoice  by  6/30/06.  Cannot  be  combined  with  any  other  Xerox 
incentive  Xerox  v.  iil  the  eligible  rebate  check  directly  to  end  user  Allow  6  to  8  weeks  for  delivery  Open  to  U.S  customers  with  a  valid  US  mailing  address.  Xerox  resellers,  agents,  dealers,  distributors  and  retailers  are  not  eligible.  Not  responsible  for  late,  lost  or 

postage-due  mail  Void  where  prohibited  Applicable  tax,  if  any,  is  the  sole  responsibility  of  end  user. 

€>2006  XEROX  CORPORATION  Ail  rights  reserved  XEROX".  Phaser*  and  Xerox  Color.  It  makes  business  sense  are  trademarks  of  XEROX  CORPORATION  in  the  United  States  and/or  other  countries. 


4.10.06  •  www.networkwonld.com  •  25 


ENTERPRISE  COMPUTI 

WINDOWS  LINUX  S3  UNIX  SERVERS  R  STORAGE  B  GRID/UTILITY  MOBILE  COMPUTING 


Short  Takes 


■  Apple  Computer  has  released 
software  that  lets  Mac  users  run 
Windows  XP  on  Intel-based 
Macintosh  computers.  Called  Boot 
Camp,  the  software  creates  a  hard- 
drive  partition  for  Windows  XP  and 
lets  users  choose  between  the  two 
operating  systems  at  start-up  time. 

It’s  available  as  a  free  beta  that  works 
for  a  limited  time,  and  will  be  included 
as  a  feature  of  the  next  major  Mac 
OS  release,  code-named  Leopard, 
Apple  says.  The  move  comes  a  few 
months  after  Apple  introduced  its 
first  computers  based  on  Intel’s  x86- 
type  processors.  The  company  has 
expressed  little  enthusiasm  in  the 
past  for  running  Windows  on  its 
Macs,  and  still  doesn’t  sound  entirely 
happy  about  it.  "Apple  has  no  desire 
or  plan  to  sell  or  support  Windows, 
but  many  customers  have  expressed 
their  interest  to  run  Windows  on 
Apple’s  superior  hardware,  now  that 
we  use  Intel  processors,"  says  Phil 
Schiller,  Apple's  senior  vice  president 
of  worldwide  product  marketing. 

■  Sun  said  last  week  it  has  upgraded 
its  business  software  for  storage 
with  new  reporting  enhancements. 
Sun’s  StorageTek  Business  Analytics 
software  is  based  on  technology 
gained  last  year  from  the  company's 
$4.1  billion  acquisition  of  Storage 
Technology.  StorageTek  had  previ¬ 
ously  acquired  the  software,  formerly 
called  Storability  Global  Storage 
Manager,  from  its  purchase  of  Stor¬ 
ability  Software  in  2004.  Sun  is  in  the 
process  of  rebranding  its  storage 
products  under  the  StorageTek  name, 
as  well  as  integrating  the  staff  and 
technologies  it  gained  through  the 
acquisition.  Version  5.0  of  StorageTek 
Business  Analytics  adds  new  net¬ 
work-attached  storage  reporting 
capabilities  to  notify  administrators 
when  quotas  are  being  reached,  as 
well  as  new  reporting  functionality  to 
identify  and  repair  orphan  storage. 
The  latest  version  also  adds  support 
for  the  Red  Hat  Enterprise  Linux  and 
Sun  Solaris  10  operating  systems, 
QLogic  switches  and  IBM  and  ADIC 
tape  libraries. 


Nokia  eyes  corporate  mobility 


Targeting  the  enterprise 

With  global  demand  for  data  services  expected  to  rise  20%  to  $22  billion  this 
year  compared  to  2005,  Nokia  has  been  building  up  its  enterprise  offerings.  The 
company  has: 

•  Introduced  E  Series  handsets  designed  for  enterprise  users. 

•  Spent  S430  million  to  buy  Intellisync  for  its  mobile  e-mail,  middleware  and  device  management  software 
products. 

•  Via  partnerships  with  Avaya  and  Cisco,  enabled  its  cellular  handsets  to  work  with  corporate  IP  PBXs. 

•  Extended  device  management  to  other  platforms  besides  its  Symbian-powered  handsets. 


BY  JOHN  COX 

Nokia  took  a  small  step  toward  a  big  goal 
last  week. 

That  step  is  a  new  version  of  its  device¬ 
management  software,  which  lets  cus¬ 
tomers  control  and  provision  mobile 
devices,  such  as  smart-phones  and  PDAs. 

Nokia’s  goal  is  to  be  the  linchpin  in  cor¬ 
porate  mobility  by  offering  a  variety  of 
products,  from  handsets  to  server  software 
that  together  give  mobile  workers  secure 
access  to  enterprise  applications. 

Achieving  that  goal  is  the  burden  of  the 
Enterprise  Solutions  division,  created  in 
2004,  under  former  HP  executive  Mary 
McDowell.  In  2005  the  division’s  net  sales, 
including  enterprise-class  smart-phones, 
network  firewall  and  VPN  products,  and 
now  mobile  e-mail  and  device  manage¬ 
ment  software,  amounted  to  $1.05  billion, 
less  than  3%  of  Nokia’s  total  sales.  Worse, 
Nokia  executives  cited  the  division’s  loss¬ 
es  as  one  drag  on  2005  profits.  Nokia  offi¬ 
cials  say  the  division  is  scheduled  to  be 
profitable  in  2007. 

Key  acquisition 

Nokia  confirmed  the  importance  of  the 
new  business  unit  in  2005,  however,  when 
the  board  approved  a  big  step:  the  $430  mil¬ 
lion  acquisition,  completed  two  months 
ago,  of  Intellisync,  a  software  vendor  offer¬ 
ing  data-synchronization  middleware  with 
an  application  for  push  e-mail  and  a  suite 
of  device-management  applications. 


“This  acquisition  really  expands  their  role 
into  mobile  e-mail,  groupware  and  [per¬ 
sonal  information  management] ”  says  Cliff 
Raskind,  director  of  wireless  enterprise 
strategies  for  Strategy  Analytics  in  Boston. 
“And  it  gives  them  instant  presence  with 
[Code  Division  Multiple  Access]  carriers  in 
the  United  States,  where  Nokia  has  had 
almost  no  presence.” 

The  Intellisync  software  will  provide  the 
underpinnings  for  Nokia  Business  Center,  a 
2005  package  of  hardware  and  software  for 
push  e-mail  and  for  mobilizing  a  range  of 
business  applications  that  was  initially  tar¬ 
geted  as  an  inexpensive  offering  for  small- 
to-midsize  companies.  The  offering  was  a 
direct  challenge  to  Microsoft,  Research  in 
Motion  and  Sybase,  with  its  Extended 
Systems  acquisition. 

The  software  announced  last  week  intro¬ 


duces  the  Open  Management  Alliance 
Device  Management  standard  into  the 
Intellisync  Device  Management  suite.  The 
OMA-DM  is  a  set  of  industry  protocols  and 
mechanisms  for  managing  mobile-  and 
wireless-connected  devices.  The  release 
also  will  give  administrators  new  controls 
over  what  file  types  and  sizes  can  be  down¬ 
loaded  to  handhelds. 

This  kind  of  centralized  administration  is 
essential  to  make  mobile  devices  a  true 
extension  of  the  enterprise,  says  Olivier 
Cognet,  the  division’s  executive  vice  presi¬ 
dent  of  business  development. 

“The  driver  for  Nokia  is  this:  If  we  just  want 
to  sell  some  more  phones  to  the  enterprise, 
that  won’t  get  us  very  far,”  he  says. “We  want 
to  enable  all  the  enterprise  applications, 
not  just  e-mail,  that  these  employees  need.” 

See  Nokia,  page  27 


EMC  software  archives  e-mail  and  more 


BY  SHELLEY  SOLHEIM,  IDG  NEWS  SERVICE 

EMC  last  week  rolled  out  software  for 
archiving  e-mail  and  reporting  data  from 
enterprise  applications. 

The  two  offerings  are  Documentum 
Archive  Services  for  E-mail,  which  col¬ 
lects  and  stores  incoming  and  outgoing 
e-mail,  and  Documentum  Archive  Ser¬ 
vices  for  Reports,  which  captures  reports 
from  ERP  systems,  invoices,  Web  services 
and  other  content. 

EMC  already  offered  a  tool  that  archives 
e-mail,  called  E-mailXtender,  but  the  com¬ 
pany  says  the  new  tool  is  designed  to 
archive  assorted  content  types. 

The  software  is  based  on  enterprise  con- 
tent-management  technology  that  EMC 
gained  through  its  $1.7  billion  acquisition 


of  Documentum,  and  is  part  of  the  storage 
giant’s  strategy  to  provide  a  unified 
approach  for  collecting,  storing  and 
accessing  data,  regardless  of  content  type. 

EMC  last  year  released  archiving  soft¬ 
ware  for  SAP  software  and  plans  to  extend 
archiving  to  many  other  forms  of  content, 
including  image,  video  and  Web  files. 

The  company  says  that  by  adopting  a 
unified  archiving  approach,  businesses 
can  expedite  data  recovery  for  compli¬ 
ance  and  litigation,  reduce  the  amount  of 
redundant  data  that  can  occur  when  con¬ 
tent  is  stored  in  separate  silos,  ease  man¬ 
agement  by  setting  and  enforcing  policies 
across  multiple  types  of  data  in  one  cen¬ 
tral  place,  and  better  mine  data. 

EMC  says  many  of  the  capabilities  of  the 


Documentum  content-management  plat¬ 
form,  such  as  version  control  and  unstruc¬ 
tured-data  searching,  were  a  good  fit  for 
archiving  software. 

The  software  will  support  other  storage 
vendors’  products,  EMC  says. 

“Their  biggest  challenge  will  be  trying  to 
convince  enterprises  that  there’s  a  one- 
stop  shop  for  archiving  all  their  data,"  says 
Brian  Babineau,  with  the  Enterprise 
Strategy  Group  in  Palo  Alto. 

EMC  will  have  to  overcome  organiza¬ 
tional  and  political  barriers  around  archiv¬ 
ing  data,  as  different  groups  within  com¬ 
panies  often  have  different  methods  for 
archiving  data  and  may  have  concerns 
about  storing  data  in  a  central  place  with 
other  groups,  Babineau  says.  ■ 


all  over  the  world,  including  support  for  100  million  remote  workers  every  day. 


a  simple  way  to  secure  your  network  so  that  only  your  employees  can  access  it? 
Yes.  Choose  Nortel.  We  provide  safe,  secure,  and  reliable  data  and  voice  communications 
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Microsoft  announces  virtualization  freebie 


BY  JOHN  FONTANA 

Microsoft  said  last  week  it  would  remove 
the  price  tag  from  its  Virtual  Server  and 
begin  offering  the  virtualization  technology 
as  a  free  download  to  Windows  users. 

Virtual  Server  2005  R2  Enterprise  Edition 
has  carried  a  price  of  $199  since  it  shipped 
in  December  2005. The  news  came  on  the 
opening  day  of  the  LinuxWorld 
Conference  and  Expo  in  Boston,  where 
Microsoft  also  said  Virtual  Server  add-ins  to 
support  Linux  are  available  and  that  it 
would  provide  support  under  current 
Microsoft  contracts  for  Linux  guest  operat¬ 
ing  systems  running  on  Virtual  Server  2005 
R2.  In  addition,  Microsoft  said  the  first  ser¬ 
vice  pack  for  Virtual  Server  2005  R2,  which 
features  integration  with  virtualization 
technologies  from  Intel  and  AMD,  would 
be  delayed  until  early  2007. 

Microsoft  also  said  the  standard  version 
of  Virtual  Server  is  being  discontinued.  For 
the  5,000  customers  that  have  purchased 
Virtual  Server,  Microsoft  said  those  with 
Software  Assurance  maintenance  contracts 
would  be  “taken  care  of,”  but  stopped  short 
of  saying  Microsoft  would  offer  refunds  to 
those  that  had  licensed  the  server.“It  could 
mean  different  things  for  different 
[Software  Assurance]  customers,”  says  Jim 
Ni,a  group  product  manager  for  Microsoft’s 
Windows  Server  team.  “We  want  to  craft 
something  that  is  a  win-win  situation.” 

Ni  said  users  without  contracts  have  prob¬ 
ably  realized  the  value  of  their  investment 


through  consolidation  and  other  cost  sav¬ 
ings  supported  by  virtualization. 

Ni  said  Microsoft  believes  virtualization 
should  be  delivered  as  part  of  the  operating 
system,  and  offering  Virtual  Server  2005  R2 
for  free  provides  a  perfect  way  to  get  users 
started  and  on  a  path  to  Longhorn  Server. 
That  product,  due  to  ship  in  2007,  is  slated 
to  feature  an  advanced  virtualization  tech¬ 
nology  called  Hypervisor. 

Experts  say  Microsoft’s  hand  was 
forced  by  market  leader  VMware,  which 
said  in  February  it  would  offer  VMware 
Server  for  free  this  summer,  and  by  Red 
Hat  and  Novell,  both  of  which  plan  to 
make  open  source  Xen  virtualization 
technology  a  part  of  their  respective 
Linux  operating  systems. 

“I  don’t  think  Microsoft  had  much 
choice  in  the  matter?  says  Gordon  Haff,  an 
analyst  with  llluminata.“The  bottom  line  is 
there  is  not  a  whole  lot  of  market  to  buy 
that  product  from  Microsoft.” 

Microsoft  is  taking  the  same  angle  as 
VMware  by  offering  introductory  capabili¬ 
ties  and  then  trying  to  move  users  to  more 
robust  features,  such  as  Hypervisor  and 
management  tools,  to  support  more  impor¬ 
tant  business  processes. 

VMware  last  week  said  that  its  disk-format 
specification  for  defining  and  formatting 
virtual  machines  will  be  offered  for  free. 
Depending  on  this  format  for  virtual 
machine  environments  are  patch,  provi¬ 
sioning,  security  management,  backup  and 


Nokia 

continued  from  page  25 

To  do  so,  the  enterprise  division  is  work¬ 
ing  in  four  areas.  First,  it  is  creating  a  new 
breed  of  mobile  terminals,  exemplified  by 
the  E  Series  handhelds  released  in  late 
2005  and  designed  for  business  users.  The 
E  Series  can  run  GSM,  wide-band  CDMA, 
wireless  LAN,  and  Bluetooth  interfaces, 
and  support  an  array  of  corporate  e-mail 
applications,  VoIP  and  Session  Initiation 
Protocol-based  services. 

Second,  it  is  securing  the  data  on  the 
devices  and  the  network  communica¬ 
tions,  via  Nokia’s  longstanding  security- 
appliance  business,  which  generates 
about  $300  million  a  year  for  the  division, 
Cognet  says. These  firewall  and  VPN  prod¬ 
ucts  are  being  refined  to  secure  mobile 
devices  better.  “We’ll  keep  adding  to  this 
[capability],”  he  says.“If  a  [mobile]  termi¬ 
nal  connects  to  the  corporate  e-mail  infra¬ 
structure,  the  e-mail  application  has  to  be 
protected  against  a  wider  array  of  threats, 
since  the  [client]  device  is  functioning 
outside  the  enterprise.” 

Third,  it  is  bringing  an  array  of  enterprise 
voice  and  data  applications  securely  to  the 
mobile  device. One  key  project  is  the  initial 


partnership,  launched  in  2005,  with  Avaya 
and  Cisco  to  link  Nokia  mobile  phones 
with  their  IP  PBX  products.  “We  think  the 
cellular  phone  will  be  the  primary  busi¬ 
ness  phone,  a  single  number,  a  single  voice 
mail  system,”  Cognet  says.  Customer  trials 
are  under  way  and  Cognet  says  this  capa¬ 
bility  will  debut  later  in  2006.  At  the  same 
time,  to  simplify  connections  with  the 
Nokia  Business  Center  middleware,  the 
enterprise  division  has  been  forging  part¬ 
nerships  with  e-mail  vendors  and  more 
recently  with  IBM,  Oracle,  SAP  and  other 
application  vendors. 

The  fourth  area  is  device  management, 
now  largely  based  on  the  Intellisync 
products,  which  support  various  operat¬ 
ing  systems.  Until  now,  most  of  Nokia’s 
focus  has  been  on  supporting  its  own 
Symbian-based  devices.  Is  Nokia  really 
willing  to  support  non-Nokia  devices? 
Cognet  says  he  encountered  that  skepti¬ 
cism  with  Intellisync’s  carrier  and  enter¬ 
prise  customers. 

“1  told  them, ‘First,  we  are  telling  you  that 
[supporting  other  platforms]  is  our  intent, 
so  judge  us  on  our  execution, ’"Cognet  says. 
“‘Second,  the  Enterprise  Solutions  division 
serves  the  enterprise,  not  [Nokia’s  mobile 
phone  division].’”* 


other  infrastructure  products. 

Microsoft  has  its  own  format  called  Virtual 
Hard  Disk,  which  it  began  offering  royalty- 
free  last  May  and  the  company  announced 
last  Monday  it  has  45  vendors  signed  on  to 
the  program. The  newest  licensees  include 


Brocade,  Diskeeper,  Fujitsu-Siemens, 
Network  Appliance,  Softricity  Virtual  Iron 
and  XenSource. 

Virtual  Server  2005  R2  runs  on  Windows 
versions  2003  and  later  (Microsoft  recom¬ 
mends  the  Windows  2003  R2  version).* 


SECURE  ROUTER 
PORTFOLIO  BUILT 


FOR  CONVERGENCE. 


Introducing  the  Nortel  Secure  Router  Portfolio.  Finally,  a 
portfolio  that  provides  security  and  reliability,  all  at  25%  less 
cost  than  the  leading  competitor.  It  te  time  to  turn  to  Nortel 
for  end-to-end,  converged  enterprise  network  solutions. 
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Vendor  Solutions  for  Your  IT  Challenges 

COMPANY:  Lucent  Technologies 

DETAILS:  As  a  leading  global  communications  infra¬ 
structure  provider,  Lucent  offers  enterprises  an  in-depth 
portfolio  of  industry  leading,  award-winning  VitalSuite® 
Performance  Management  Software  solutions  to  help 
manage  all  aspects  of  IT  network  operations — effectively, 
efficiently  with  unparalleled  ROI. 

CHALLENGE:  Does  your  network  management  sys¬ 
tem  measure  up?  Now  more  than  ever,  delivering  results 
relies  on  the  way  your  network  is  managed.  Your  IT 
infrastructure  is  as  important  to  your  business  as  your 
products,  services,  employees  and  even  your  customers. 
Simply  stated,  you  rely  on  the  way  you  manage  informa¬ 
tion  to  save  time  and  money. This  means  you  must: 

•  Optimize  Your  End  User  Experience 

•  Enable  Converged  Services 

•  increase  IT  Staff  Productivity 

•  Maximize  Return  on  Network  Investments 

SOLUTION:  Successful  IT  management  means  imple¬ 
menting  an  integrated  system  in  which  your  network, 
your  applications  and  your  business  processes  work 
together  to  support  strategic  enterprise  objectives.  That 
demands  visibility  into,  and  control  over,  your  entire  infra¬ 
structure — the  total  visibility  and  complete  control  only 
the  Lucent  VitalSuite®  Performance  Management  system 
can  provide. 

Winner  of  numerous  industry  awards,  including  the 
Network  World  "World  Class  Award"  for  best  performance 
management  system,  the  VitalSuite®  Performance 
Management  system  is  comprised  of  three  advanced 
software  modules  for  Application,  Network  and  Real¬ 
time  Event  analysis  offering  you  a  comprehensive  fully 
integrated  solution  in  a  cost  effective  package.  Providing 
real-time  views  into  everything  from  complex  e-com¬ 
merce  transactions  to  mission-critical  network  resources, 
it  lets  you  continuously  monitor,  measure  and  optimize 
performance  at  every  level  of  your  IT  operations. 

VitalSuite®  software's  business  management  innovations 
begin  with  My  Vital,  the  personal  window  into  your  IT 
infrastructure. This  web-based  portal  lets  you  create  and 
display  virtually  any  aspect  of  network  and  application 
performance:  wireless,  LAN,  WAN,  ATM,  VoIP  or  Frame 
Relay  quality  indices;  top  applications  and  events;  even 
specific  e-business  transactions  such  as  order  entry 
or  credit  authorization.  Everyone  from  executives  to 
engineers  can  create  unique  displays  tailored  to  their 
individual  requirements. 

Lucent  Technologies 

Bell  Labs  Innovations 

888-4Lucent 

www.networkworld.com/lucentvs 


E-MAIL  NEWSLETTER  SHOWCASE:  Wireless  in  the  enterprise 

Wireless’  802.1 1  alphabet  soup 
makes  net  execs  review  setup 


BY  JOANIE  WEXLER 

Enterprises  are  just  ramping  up  with  802.1  lb/g-based  Wi¬ 
Fi  deployments.  Relatively  speaking,  they  have  hardly 
touched  802.1  la,  which  offers  additional  channels  for 
design  flexibility  and  interference  avoidance  in  the  5-GHz 
range.  802.1  la  sees  the  most  action  today  in  the  backhaul 
component  of  Wi-Fi  mesh  networks. 

With  another,  faster  Wi-Fi  standard  en  route  —  802.1  In 
—  should  you  simply  bypass  802.11a?  The  answer 
depends  on  how  broadly  you  use  your  Wi-Fi  network  and 
for  what  applications. 

As  you  likely  know,  802.1  In  promises  to  bring  at  least 
100Mbps  theoretical  maximum  bandwidth  to  wireless  LANs 
(WLAN)  by  making  use  of  multiple  input/multiple  output 
(M1MO)  smart  antennas.  But  because  standards-based 
products  aren’t  due  out  yet  for  another  year,  one  integrator 
advises  that  enterprises  simply  ignore  802.1  In  for  now  and 
proceed  with  meeting  their  needs  using  what’s  available. 

Jeff  Nelson,  vice  president  of  wireless  operations  at  inte¬ 
grator  NetVersant  Solutions  in  Houston, says  that  moving  to 
802.1  In  “will  be  a  rip-and-replace  effort”  in  terms  of 
installing  a  whole  new  access  point  infrastructure. 

That’s  true,  if  you  require  the  performance  benefits  of 
802.1  In  ubiquitously  throughout  your  campus.  However, 
note  that  802.1  In  access  points  can  be  added  incremen¬ 


tally  to  your  existing  802.1  la/b/g  networks;  IEEE  802.1  In 
draft  specifications  require  that  802.1  In  be  backward-com¬ 
patible  with  these  networks. And  802.1  In  vendors  claim  that 
mixing  and  matching  802.1  la/b/g  networks  with  802.1  In 
will  provide  up  to  a  50%  performance  benefit.  So  you  could 
feasibly  come  out  ahead  by  introducing  802.1  In  as  you 
need  new  access  points  and,  through  attrition, replacing 
outdated  ones. 

But  if  your  WLAN  is  for  casual  use  or  for  low-bandwidth 
traffic,  you  might  be  inclined  to  wait.  One  company  that 
expects  to  go  this  route  is  United  Parcel  Service  (UPS). 

“We’ll  likely  leapfrog  802.1  la  and  go  straight  to  802.1  In,” 
says  John  Killeen,  director  of  global  network  systems  at  the 
Atlanta  worldwide  delivery  company.  UPS  runs  a  15,000- 
access  point  802.11b  WIAN  that  stretches  across  2,000 
sites,  according  to  Killeen. 

The  reason  for  now  is  that  most  of  the  data  UPS  transmits 
over  its  WLAN  relates  to  the  company’s  global  scanning  sys¬ 
tem  for  package  tracking. 

“The  data  consist  primarily  of  18-character  bar  codes, 
which  do  not  require  a  lot  of  bandwidth,”  Killeen  explains. 

Wexler  is  an  independent  networking  technology 
writer/editor  in  Silicon  Valley.  She  can  be  reached  at 
joanie@jwexler.com. 
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Benchmarking  helps  determine 
how  applications  will  perform 


BY  STEVE  TAYLOR  AND  JIM  METZLER 

Last  time,  we  pointed  out  that  since  a  company’s  CIO  as 
well  the  company’s  business  and  functional  managers  care 
more  about  applications  than  they  do  about  the  WAN,  WAN 
managers  need  to  be  able  to  demonstrate  how  the  WAN 
enables  appropriate  application  performance.  The  recom¬ 
mendation  that  we  made  was  that  WAN  managers  should 
benchmark  any  major  new  application  that  the  company 
is  in  the  process  of  deploying. 

An  IT  organization  can  do  the  benchmarking  themselves 
or  use  an  outside  vendor.  The  primary  purpose  of  the 
benchmarking  is  to  determine  in  advance  how  the  appli¬ 
cation  will  perform  when  run  over  a  production  WAN  and 
it  endures  varying  amounts  of  latencyjitter  and  packet  loss. 

For  example,  before  the  typical  interactive  application 
gets  deployed,  there  is  a  target  for  how 
long  a  transaction  should  take.  For 
example,  assume  that  the  target  is  five 
seconds  and  further  assume  that  if  there 
is  no  WAN  latency  that  the  transaction 
completes  in  two  seconds. 

As  part  of  the  benchmark  exercise, 
artificial  amounts  of  WAN  latency  are  in¬ 
troduced  and  the  response  time  of  the 
application  is  recorded. Typically  as  the 


WAN  latency  is  increased,  the  application  response  time 
also  increases.  Ideally,  the  response  time  increases  gradu¬ 
ally  as  WAN  latency  is  increased.  However,  in  some  in¬ 
stances  application  response  time  increases  dramatically  in 
response  to  only  minor  increases  in  WAN  latency. 

Assume  that  when  faced  with  300  milliseconds  of  WAN 
latency  the  application  has  a  response  time  of  4  seconds, 
but  if  there  is  a  WAN  latency  of  400  milliseconds,  the  re¬ 
sponse  time  jumps  up  to  six  seconds. 

Armed  with  this  information,  the  WAN  organization  can 
set  thresholds  throughout  the  WAN  so  that  the  appropriate 
people  are  notified  when  the  WAN  latency  approaches  300 
milliseconds. The  reason  for  doing  this  is  so  that  the  WAN 
organization  can  know  that  one  of  the  company’s  key 
applications  is  about  to  start  performing  badly  and  can 
take  steps  proactively  to  ensure  that  this 
does  not  happen. 

Taylor  is  president  of  Distributed 
Networking  Associates  and  publisher/ edi- 
tor-in<hief  of  Webtorials.  Taylor  can  be 
reached  at  taylor@webtorials.com.  Metzler 
is  the  vice  president  of  Ashton,  Metzler  & 
Associates.  He  can  be  reached  at 
jim  @ashtonmetzler.  com. 
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Microsoft  revamps  SharePoint  server 


Six  sides  of  SharePoint 


Microsoft  cuts  its  SharePoint  pie  into  six  areas:  the  company  is  making  heavy 
investments  in  these  areas,  with  the  server  at  the  heart  of  the  strategy. 


Focal  points 

Features/capabilities 

Collaboration 

New  templates  for  blogs,  wikis,  discussion  groups,  instant  messaging 
presence  information. 

Portal 

Targeting  features  display  content  based  on  user  identity  or  group 
affiliation. 

Business  intelligence 

Portal  that  includes  Reporting  Center,  which  puts  SQL  Server  reports 
into  SharePoint.  Also  integrates  with  Dynamics  CRM. 

Search 

Key  feature  for  collaboration,  portal  and  business  intelligence. 

Enterprise  content  management 

Content  Management  Server  is  folded  into  SharePoint  and  supports 
everything  from  Web-based  content  management  to  records  and 
document  management. 

Electronic  forms/workflow 

Includes  new  InfoPath  Form  Services,  which  integrate  InfoPath  and  Web- 
based  forms. 

BY  JOHN  FONTANA 

After  several  years  without  a  clear  focal 
point  for  its  collaboration  strategy,  Microsoft 
now  is  planning  to  put  SharePoint  Server  at 
the  center  of  its  efforts. 

When  Office  2007  ships  to  corporate 
users  later  this  year,  it  is  expected  to 
include  what  today  is  known  to  more  than 
70  million  licensed  users  as  SharePoint 
Portal  Server,  but  revamped  and  renamed 
Office  SharePoint  Server  2007.The  software 
will  be  the  foundation  for  sharing  all  the 
document  types  produced  by  Office  desk¬ 
top  applications.  It  also  will  be  the  switch¬ 
ing  station  for  workflow,  document  routing 
and  approval,  instant  messaging  and  pres¬ 
ence  information,  business  intelligence, 
search  and  electronic  forms.  Content 
Management  Server  features  will  be  folded 
into  SharePoint  Server. 

SharePoint  Server  will  be  pitched  to  cor¬ 
porate  users  as  a  multitasking,  identity- 
enabled  engine  for  hosting  collaborative 
sites  for  the  Internet  and  company  intranets 
and  extranets.  Microsoft  is  planning  an 
option  for  it  to  be  licensed  per  CPU.so  users 
can  host  Web  sites  on  the  platform. 

Office  2007  plugs  two  glaring  holes  in 
SharePoint  Server  by  adding  offline  client 


capabilities,  through  Office  Groove  and 
Outlook,  and  a  rapid  application  develop¬ 
ment  tool  called  SharePoint  Designer.  The 
server  also  is  integrated  with  Visual  Studio 
2005  and  the  .Net  2.0  Framework  so  devel¬ 
opers  can  build  and  easily  debug  compo¬ 
nents  that  Designer  will  use  to  stitch  to¬ 
gether  SharePoint  applications.  “This  is  the 
nod  that  SharePoint  is  the  server  we  are 
going  to  put  a  lot  of  the  collaboration  work 
underf  says  John  Carins,  senior  director  of 
information  worker  licensing  and  packag¬ 
ing  for  Microsoft. 

The  message  should  have  a  familiar  ring 
to  many  corporate  users.  Six  years  ago,  Ex¬ 
change  was  the  darling  of  collaboration  at 
Microsoft.The  platform  was  infused  with  in¬ 
stant  messaging  and  conferencing,  and  was 
groomed  to  support  collaborative  applica¬ 
tions  built  with  rapid  application  develop¬ 
ment  tools.  A  much-touted  feature  that  fell 
flat  was  the  Web  Store,  a  SQL-based  virtual 
repository  intended  to  house  numerous 
document  types,  and  let  users  and  devel¬ 
opers  pull  together  data  from  across  corpo¬ 
rate  servers  and  stitch  it  into  sophisticated 
collaborative  applications.  “Exchange  was 
just  a  little  too  early  for  its  time,”  says  Tom 


Rizzo,  director  of  SharePoint  Portal  Server  at 
Microsoft.“But  no  matter  where  the  technol¬ 
ogy  sits,  we  have  always  had  this  vision  of 
unified  collaboration  to  make  people  pro¬ 
ductive,  from  the  information  worker  to  the 
IT  pro  all  the  way  through  to  the  developers. 


SharePoint  is  evolving  to  solve  that  need.” 

Of  course,  strategy  is  all  Microsoft  has 
now,  because  SharePoint  Server  was  not  in¬ 
cluded  in  the  first  beta  of  Office  2007,  and 
users  won’t  get  their  first  look  at  it  until  the 
See  SharePoint,  page  30 


Liferay  overhauls  open  source  portal 


Short  Takes 


■  BMC  Software  has  made  available 
two  products  it  says  can  help  cus¬ 
tomers  better  inventory  their  IT 
assets.  Using  technology  from  its 
Magic  and  Marimba  acquisitions, 
BMC  has  upgraded  its  Foundation 
Discovery  and  Topology  Discov¬ 
ery  software  to  work  more  tightly 
with  BMC’s  Atrium  configuration 
management  database  product.  Foun¬ 
dation  Discovery  performs  agentless 
IT-environment  discovery  and  inven¬ 
tory;  Atrium  CMDB  collects  and 
stores  configuration  data  from  IT 
assets;  and  Topology  Discovery  maps 
the  relationships  and  dependencies 
among  assets.  They  maintain  an  up- 
to-date  database  of  configuration 
information.  BMC  Foundation 
Discovery  costs  $12  per  asset,  and 
BMC  Topology  Discovery  costs 
$50,000  per  instance. 


BY  ANN  BEDNARZ 

A  hallmark  of  the  open  source  software 
community  is  the  opportunity  for  IT  execu¬ 
tives  to  get  close  to  developers  and  influ¬ 
ence  product  development.  Goodwill  In¬ 
dustries  International  helped  drive  the 
security  overhaul  of  the  new  version  of 
open  source  Liferay  portal  software, 
expected  to  be  announced  this  week. 

Liferay  Fbrtal  4.0  lets  individual  users, 
groups  and  guests  have  portlet-level  per¬ 
missions.  Administrators  can  set  or  restrict 
access  to  portlets  and  portlet  objects,  as 
well  as  delegate  access  authority  to  others. 

“Not  only  did  we  add  the  security  com¬ 
ponent,  we  rewrote  every  piece  to  hook 
into  that  security  mechanism,”  says  Brian 
Chan,  founder  and  chief  software  architect 
of  Liferay.“Before,  it  was  set  based  on  roles, 
and  how  you  defined  a  role  had  to  be  cus¬ 
tomized  between  different  implementa¬ 
tions.  Now  every  object  in  the  system  has  a 
set  of  permissions,  and  you  can  manage  all 
that  through  the  GUI.” 

Those  features  are  critical  to  Goodwill, 


Room  to  grow 

Gartner  estimates 

less  than  1% 

of  Global  1000  companies  have 
deployed  open  source  portals  at 
an  enterprise  level  and 

less  than  3% 

have  deployed  them  at  any  level. 


which  runs  job  training  and  career  services 
for  people  with  disabilities,  those  on  wel¬ 
fare  and  others  in  need.  Liferay  Fbrtal  4.0 
gives  Goodwill  more  sophisticated  control 
of  security  settings  than  was  available  in 
earlier  versions,  says  Steve  Bergman,  CIO  at 
the  Rockville,  Md.,  nonprofit  organization. 
“We  can  assign  security  rights  to  individuals 
or  put  them  into  security  groups  so  they 
have  access  to  components  that  are  appro¬ 
priate  for  their  activities  in  the  portal.” 

IT  staff  also  can  delegate  administrative 
tasks  to  local  Goodwill  locations  so  field 


managers  can  control  their  own  group’s 
access  privileges,  says  Michael  Shollen- 
berger,  program  manager  at  Goodwill. 

Key  to  the  overhaul  is  that  Liferay  didn’t 
sacrifice  the  stability  or  perfomiance  of  the 
application  in  the  redesign  of  the  security 
framework,  Shollenberger  says.  “It’s  tough 
when  you  build  an  application  and  then 
need  to  revisit  the  granularity  of  the  secu¬ 
rity  model,"  he  says.  But  Liferay  managed  to 
overhaul  the  security  framework  without 
degrading  performance  or  sacrificing  sta¬ 
bility  of  the  product,  he  says. 

Goodwill  started  designing  its  portal, 
known  as  MyGoodwi  11,  about  two  years  ago. 
The  organization  considered  commercial, 
off-the-shelf  portal  products  as  well  as  open 
source  products  when  it  started  searching 
for  a  portal  platform.  “We  knew  we  wanted 
to  head  down  the  Java  path,  based  on  our 
internal  capabilities  and  our  team’s  exper¬ 
tise.  But  we  didn’t  know  that  we  wanted  to 
go  open  source,”  Bergman  says.  After  flesh¬ 
ing  out  its  business  plan  and  doing  a  cost- 
See  Portal,  page  30 
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’Net  as  a  political  tool,  almost  a  joke 


NET  INSIDER 
Scott  Bradner 


On  April  2,  the  first  story  readers 
ran  across  on  the  front  page  of 
The  New  York  Times  reported  the 
obvious  fact  that  the  “Internet 
injects  sweeping  change  into  U.S. 
politics.”  The  story  did  not  cover 
much  new  ground,  though  it  had 
some  interesting  factoids  (for 
example,  80%  of  the  donations 
from  people  aged  18  to  34  to  the 
John  Kerry  campaign  for  presi¬ 
dent  came  via  the  Internet). 
Trends  in  Internet  adoption  and 
clarifications  of  federal  law  may 
just  provide  reason  for  The  New 


York  Times  to  revisit  the  topic 
soon. 

The  story  mostly  talked  about 
how  campaigns  are  beginning  to 
use  the  Internet  to  reach  support¬ 
ers  or  get  their  messages  out  in 
the  face  of  the  diminishing  effec¬ 
tiveness  of  television  advertising 
to  convince  people  to  vote  for  or 
against  a  candidate  or  issue.  The 
story  mentions  a  recent  Bew  Inter¬ 
net  &  American  Life  Project  study 
that  reported  about  44  million 
Americans  ( The  New  York  Times 
says  50  million)  used  the  Internet 
to  read  news  on  an  average  day  in 
December  2005  (see  www.nwdoc 
finder.com/2924),  up  from  27  mil¬ 
lion  in  March  2002. 

But  the  story  did  not  mention 
that  same  Pew  report’s  statistic 
that  American  broadband  Inter¬ 
net  users  were  almost  twice  as 
likely  as  dial-up  users  (43%  to 


26%)  to  use  the  Internet  as  a  news 
source.  Coupled  with  the  increase 
in  the  percentage  of  Americans 
subscribing  to  broadband  Inter¬ 
net  services — it’s  now  about  40%, 
up  from  about  18%  in  2002  (see 
www.nwdocfinder.com/2925)  — 
that  means  the  number  of  Ameri¬ 
cans  turning  to  the  Internet  for 
news  will  continue  to  grow. 

Bew  also  reports  more  than  half 
of  Internet  news  seekers  go  to 
major  news  sites  such  as  CNN  and 
MSNBC,  almost  40%  go  to  portals 
such  as  Yahoo  and  Google,  and  a 
bit  fewer  than  10%  read  blogs. 
That  last  number  might  surprise 
some  in  the  political  game,  be¬ 
cause  blogs  had  a  major  impact 
during  the  last  election,  mostly  in 
discovering  “misstatements”  made 
by  politicians  or,  in  a  few  cases, 
news  people. 

In  a  not-unrelated  story,  the  Fed¬ 


eral  Elections  Commission  (FEC) 
has  preliminarily  adopted  a  set  of 
definitions  for  the  term  public 
communications,  to  be  used  in 
the  context  of  the  McCain-Fein- 
gold  campaign  reform  act’s  re¬ 
strictions  on  the  use  of  public 
communications  for  political 
advertising.The  definitions  (www. 
nwdocfinder.com/2926)  exempt 
most  uses  of  the  Internet  from 
those  restrictions;  the  FEC  notes 
they  specifically  exempt  blogs. 
About  the  only  Internet-related 
things  escaping  the  new  defini¬ 
tions  are  paid  advertising  on  the 
Internet  and  the  requirement  for  a 
campaign  to  report  any  money  it 
pays  to  bloggers. 

So  just  when  The  New  York 
Times  reports  on  the  Internet’s 
impact  on  the  political  space,  the 
FEC  decides  this  space  is  mostly 
free  of  regulations.  I  agree  with 


what  the  FEC  has  adopted,  but  it’s 
not  going  to  make  any  easier  the 
Internet  user’s  job  of  finding 
nuggets  of  truth  among  the  dregs 
of  what  passes  for  news  and  fact 
on  the  Internet. 

Maybe  it  would  have  been  bet¬ 
ter  if  The  New  York  Times  had  pub¬ 
lished  its  story  one  day  earlier  it’s 
just  the  kind  of  almost-joke  that  is 
best  published  on  that  day  (see 
“Almost  a  joke,”  www.nwdocfind 
er.com/2927). 

Disclaimer:  Harvard  students 
can  take  a  class  in  “Wit  and 
Humor”  (www.nwdocfinder.com 
/2928);  I  do  not  know  if  the  class 
covers  this  type  of  bitter  joke,  so 
the  above  observation  is  my  own. 

Bradner  is  a  consultant  with 
Harvard  University’s  University 
Information  Systems.  He  can  be 
reached  at  sob@sobco.com. 


SharePoint 

continued  from  page  29 

second  beta  is  made  available  later  this 
year.  General  availability  of  Office  2007  for 
customers  with  volume  licenses  is  planned 
for  November;  SharePoint  Server  is  avail¬ 
able  only  through  volume  licensing. 

Some  users  say  they  like  the  direction  and 
are  mobilizing  to  get  in  line.“We  are  reengi¬ 
neering  our  entire  product  line  to  align 
with  the  extended  capabilities  and 
enhancements  found  in  the  next  genera¬ 
tion  of  SharePoint,”  says  Cliff  Lloyd,  execu¬ 
tive  director  of  the  Solutions  IT  Group  for 
the  Association  of  Independent  Schools  of 
Western  Australia. 


Portal 

continued  from  page  29 

benefit  analysis, Goodwill  settled  on  Liferay 

“Our  implementation  costs  —  to  get 
the  application  up  and  running  and  do 
the  initial  integration  —  are  easily  a 
third  of  what  it  would  have  cost  us  had 
we  gone  with  [an  off-the-shelf]  product,” 
Bergman  says. 

Not  having  to  pay  for  software  licenses  let 
Goodwill  dedicate  more  funds  to  integrat¬ 
ing  the  portal  platform  with  its  back-end 
systems,  including  its  Microsoft  SQL  Server 
database, e-mail  system, and  online  training 
applications  from  Saba. 

Six  months  after  its  initial  deployment, 
MyGoodwill  has  about  6,000  active  users 
and  Goodwill  is  rolling  it  out  to  larger  parts 
of  the  organization  on  a  controlled  basis. 
The  portal  is  designed  to  accommodate  as 
many  as  100,000  users,  Shollenberger  says. 


The  association  plans  to  expand  its  roll¬ 
out  to  support  1  million  students,  using 
SharePoint  for  document  and  workflow 
management  and  site  security.  It  also  uses 
Windows  SharePoint  Services,  a  feature  of 
Windows  Server  for  creating  ad  hoc 
online  workgroups,  to  support  team  col¬ 
laboration  sites. 

“We  will  continue  to  base  all  collabora¬ 
tion,  document  and  project  work  spaces 
and  presence  awareness  on  SharePoint,” 
Lloyd  says. 

SharePoint's  challenges 

SharePoint  Server  faces  a  number  of  chal¬ 
lenges  —  just  as  its  predecessor  Exchange 
did  —  in  trying  to  become  a  hub  for  appli¬ 


Using  open  source  software  for  a  mission- 
critical  application  is  new  to  Goodwill.  “I 
looked  at  this  as  an  option  a  couple  of 
years  ago, but  I  just  didn’t  feel  like  the  indus¬ 
try  was  mature  enough  back  then,” 
Bergman  says. 

But  the  open  source  community  has 
grown  and  matured  a  lot  in  the  last  two 
years,  he  says.  “To  develop  an  enterprise 
application  of  this  magnitude  in  open 
source  was  taking  a  little  bit  of  a  leap  of 
faith.  But  we’ve  been  very  pleased  with 
the  effort,”  Bergman  says. 

Goodwill’s  experience  with  Liferay  could 
lead  to  more  open  source  deployments,  he 
says  “Given  this,  I  don’t  look  at  any  new  plat¬ 
form  without  also  putting  it  side-by-side 
with  the  open  source  alternative.” 

An  additional  feature  in  Liferay  Portal  4.0 
is  the  ability  to  post  pages  and  objects  with 
public  and  private  viewing  properties;  pri¬ 
vate  pages  are  password-protected.  Added 


cation  development  and  user  collabora¬ 
tion.  First,  the  server  will  have  to  prove  it  can 
scale  to  handle  the  Internet-facing  Web 
sites  users  may  build.  Microsoft  also  will 
have  to  define  clearly  the  differences  and 
advantages  in  using  SharePoint  Server  for 
Web  sites  rather  than  Internet  Information 
Server  and  ASPnet. 

Licensing  will  be  watched  closely  also. 
Content  Management  Server  licenses 
cost  an  average  of  $20,000  to  $40,000; 
with  the  server  now  folded  into 
SharePoint  Server,  the  question  is,  will 
tiered  pricing  determine  what  features 
and  functionality  are  available? 

Given  the  breadth  of  SharePoint  Server’s 
capabilities,  Microsoft  will  have  to  provide 


taxonomy  features  in  Liferay  Portal  4.0  let 
users  create  sub-portals  within  the  corpo¬ 
rate  portal  for  a  company  division  or 
branch  office. 

The  portal  conforms  to  the  JSR-168  por¬ 
tal  API,  a  standard  designed  to  simplify 
integration  among  portal  elements.  In 
Version  4.0,  Liferay  has  added  support  for 
the  JSR-170  standard  for  content  manage¬ 
ment  systems  (CMS). 

Inversion  4.0.1., Liferay  plans  to  add  sup¬ 
port  for  a  workflow  portlet  that  integrates 
with  the  open  source  Java  business  process 
management  engine,  Chan  says. 

Liferay  offers  Professional  and  Enter¬ 
prise  versions  of  its  portal  software.  The 
Enterprise  version  lets  users  cluster  port- 
let  transactions  across  multiple  servers. 
Both  versions  are  freely  available  under 
an  MIT  license.  Optional  support,  training 
and  professional  services  are  available 
from  Liferay.  ■ 


users  with  clear  starting  points,  experts 
say  “Something  so  users  can  say  ‘OK,  we 
want  to  integrate  that  with  our  line-of-busi- 
ness  applications.  We  want  to  map  work- 
flow  to  the  reality  of  our  approval  pro¬ 
cesses’”  says  Peter  Pawlak,an  analyst  with 
Directions  on  Microsoft. 

A  major  portion  of  the  work  needed  to  get 
users  started  likely  will  fall  on  the  800 
SharePoint  partners  Microsoft  already  has. 
“You  are  going  to  see  [independent  soft¬ 
ware  vendors]  jump  on  SharePoint,”  says 
Brent  Bolleman,  strategic  marketing  man¬ 
ager  for  Colligo,  which  just  shipped  an  off¬ 
line  client  for  SharePoint  intended  to 
eclipse  the  basic  functionality  offered  with 
Outlook  and  the  Groove  client.  The  client 
has  two  versions:  Reader,  which  lets  users 
take  documents  offline  for  reading,  and 
Contributor,  which  is  an  offline  client  for 
project  teams  that  includes  sophisticated 
replication  features.“With  SharePoint  as  the 
de  facto  place  to  expose  all  of  these  differ¬ 
ent  content  types,  it  gives  you  a  central 
place  where  all  these  applications  can  have 
their  content  exposed  to  the  network, 
where  before  all  of  it  was  segmented,” 
Bolleman  says. 

The  foremost  challenge  to  SharePoint 
Server,  however,  will  be  the  same  one 
Exchange  faced:  IBM/Lotus.  That  Microsoft 
rival  is  reshaping  its  collaborative  software 
around  Notes/Domino  and  the  Java  2 
Platform  Enterprise  Edition-based  Work¬ 
place  platform,  and  is  already  positioning 
itself  against  SharePoint.  “I  am  not  that 
impressed  with  the  directions  that  I’m  see¬ 
ing,”  says  Larry  Bowden,  vice  president  of 
Workplace  software  solutions  for 
IBM/Lotus.  He  says  Microsoft  is  working 
toward  a  point  Lotus  was  at  10  years  ago.B 
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A  few  weeks  ago  I  made  the  point  that 
two  of  the  most  common  models  for 
describing  the  Internet  have  significant 
flaws  that  could  lead  to  poor  policy  deci¬ 
sions.  I’ll  focus  on  the  issue  of  the  “distribu¬ 
tion  model” and  its  effect  on  ’Net  neutrality 
in  an  upcoming  column. 

For  now,  I’ll  revisit  the  issue  of  why  the 
“utility  model”  of  the  Internet  is  flawed  — 
and  as  a  consequence,  why  we  don’t  need 
universal  broadband. 

I’ve  gotten  a  lot  of  feedback  on  my  previ¬ 
ous  columns  on  the  topic.  Naysayers’  com¬ 
ments  basically  fell  into  the  following  cate¬ 
gories: 

1.  Broadband  today  is  just  like  phone  ser¬ 
vice  was  in  the  1930s,  when  telephony  was 
considered  a  utility  on  the  order  of  elec¬ 
tricity  and  water. 

The  argument  sounds  good,  but  it’s  flawed 
on  a  couple  of  levels.  First,  the  electricity 
and  water  networks  are  managed  regional¬ 
ly,  not  federally 

Second  (and  more  important),  the  infra¬ 
structure  required  to  benefit  from  the 
Internet  is  significantly  more  complex  than 
that  for  the  water  and  utility  networks.  To 
use  water,  all  you  need  is  a  cup.  Electricity? 
A  lamp  and  light  bulb  will  do.  But  to  access 
the  Internet,  you  need  softwares  computer 
and  a  cable  or  DSL  modem.  Providing 
broadband  without  any  of  these  is  like  pro¬ 
viding  a  car  without  an  engine  —  it  looks 
pretty,  but  it’s  useless. 

Third,  and  most  important,  the  Internet 
isn’t  something  you  can  just  “tap  into”  (like 
the  energy  and  water  grids).  Truly  leverag¬ 
ing  the  Internet  involves  creating  and  post¬ 
ing  content  (whether  by  email,  Web  site, 
blog  or  an  application  that  hasn’t  been 
invented  yet).  Any  policy  that  aims  to  pro¬ 
vide  uniform  high-quality  access  to  the 
Internet  would  need  to  include  all  of  the 
above  —  and  again,  simply  providing  a  fat 
pipe  doesn’t  help. 

2.  There’s  a  digital  divide  between  privi¬ 
leged  and  underprivileged  citizens,  and  we 
need  federal  help  to  bridge  it. 

I  can  be  as  much  of  a  bleeding  heart  as 
the  next  person,  but  check  out  this  news: 
The  digital  divide  is  narrowing  fast. 
Researchers  are  finding  that  groups  that 
have  historically  been  underrepresented 


Why  the  Internet’s  not  a  utility 


on  the  Internet  —  including  African- 
Americans  and  other  minorities  —  are 
getting  connected  at  higher  rates  than 
practically  anyone.  According  to  Pippa 
Norris,  one  of  the  premier  researchers  of 
the  digital  divide,  African-Americans  are 
aggressively  searching  the  Internet  for 
employment  and  educational  opportuni- 
ties.The  moral?  The  “underprivileged”  may 
be  pretty  good  at  looking  after  them¬ 
selves,  after  all. 


3.  The  claim:  Broadband  isn’t  universally 
available. 

That’s  true  to  a  certain  extent  —  many 
regions  are  out  of  reach  for  both  cable  and 
DSL  While  satellite  can  get  virtually  any¬ 
where,  there  are  latency  issues.  But  people 
can  choose  where  to  live.  If  it’s  not  cost- 
effective  to  provide  broadband  services  out 
to  the  boonies,  why  should  taxpayers 
around  the  country  have  to  subsidize  those 
services?  If  a  particular  municipality  wants 


to  tax  its  citizens  to  bring  broadband  to  the 
boonies,  it’s  certainly  welcome  to.  But  once 
again, that’s  a  local  —  not  a  federal  —  issue. 

The  bottom  line?  The  Internet’s  not  a  utili¬ 
ty  And  we  don’t  need  federal  help  to  get 
ourselves  connected. 

Johnson  is  president  and  senior  founding 
partner  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


VeriSign  embracing  mobile  services 


VeriSign  acquisitions  at  a  glance 


Company 

m-Qube 

Kontiki 

3united 

CallVision 

Date 

March 

March 

February 

January 

Description 

Helps  companies 
develop,  deliver  and 
bill  for  mobile 
content,  applications 
and  messaging 
services. 

Technology 
speeds  delivery 
of  digital  media, 
including  VoIP 
networks. 

Wireless  applications 
service  provider 
reaches  more  than 
400  million  cus¬ 
tomers,  primarily  in 
Europe  and  Asia. 

Provides  electronic 
billing  and  customer 
self-service  applications 
to  carriers. 

Customers 

Sony  Pictures,  CBS, 
Warner  Music  Group, 
Reuters 

Sky,  AOL  and 
Verizon 

SingTel,  Mobilekom/ 

Vodafone, 

Hutchinson3G 

T-Mobile,  Bell  Canada, 
TelstraClear  and  AAPT. 

BY  CAROLYN  DUFFY  MARSAN 

VeriSign  is  expanding  beyond  its  roots  as 
a  security  and  DNS  specialist  to  become  a 
behind-the-scenes  provider  of  mobile  con¬ 
tent  services  through  a  series  of  acquisi¬ 
tions  completed  in  recent  weeks. 

VeriSign  is  betting  that  mobile  content 
will  grow  in  the  United  States  and  Europe, 
as  it  has  boomed  in  Asia.While  most  of  this 
growth  will  come  from  the  consumer  mar¬ 
ket,  VeriSign  executives  foresee  opportuni¬ 
ties  for  companies  to  provide  rich  content 
to  mobile  employees  across  a  variety  of 
devices,  including  cell  phones  and  hand¬ 
helds. 

“The  big  portals  and  the  largest  consumer 
brands  and  media  companies  are  starting 
to  embrace  using  the  content-to-mobile 
channel,” says  Jeff  Treuhast, senior  vice  pres¬ 
ident  of  digital  content  services  forVeriSign. 
“We  expect  to  see  a  generous  amount  of 
new  revenue  for  the  media  companies  and 
the  operating  networks.” 

VeriSign  expects  that  as  mobile-phone 
users  get  more  comfortable  with  down¬ 
loading  ringtones  and  taking  pictures,  they 
will  be  ready  to  interact  with  enterprise 
applications  over  mobile  devices. 

“Individual  wireless  subscribers  who  have 
used  these  features  of  their  phones  will 
now  be  more  comfortable  with  using  that 
technology  to  interact  with  applications  in 
business  life,”  Treuhast  says.  “The  mobile 
knowledge  worker  might  use  this  technolo¬ 
gy  to  handle  trouble  tickets  or  applications 
like  upgrading  seats  on  an  airplane.” 

VeriSign  sees  itself  as  a  provider  of  key 
pieces  of  the  IP  infrastructure  required  for 
mobile-content  applications.  That’s  where 
its  recent  acquisitions  of  m-Qube  and  3unit- 
ed  Mobile  Solutions  fit  in.  Both  companies 


help  content  providers  develop,  deliver  and 
bill  for  mobile  content,  applications  and 
messaging  service.  Together,  they  reach 
more  than  600  million  wireless  subscribers 
in  North  America,  Europe  and  Asia. 

“Mobile  messaging  and  mobile-content 
delivery  is  taking  off,  and  VeriSign  sees  an 
opportunity  to  really  get  into  the  game,” 
says  Tony  Rizzo,  research  director  for 
mobile  technology  at  The  451  Group. 
“These  acquisitions  allow  them  to  do  a 
variety  of  multimedia  transactions.  The 
consumer  sends  a  multimedia  bit  like  a 
photo  with  an  audio  clip,  and  VeriSign  gets 
a  piece  of  the  transaction.” 

VeriSign  also  bought  Kontiki,  which  pro¬ 
vides  peer-to-peer  technology  that  speeds 
the  delivery  of  IP  broadcast  services  such 
as  VoIP 

“Kontiki  has  a  peer-based  delivery  system 
for  TVquality  video  that  media  companies 
can  use  to  go  direct  to  consumers  over  the 
Internet  and  enterprises  can  use  to  trans¬ 


form  the  way  they  communicate  with 
employees  and  business  partners,”Treuhast 
says.  “The  system  that  Kontiki  has  built 
allows  you  to  automate  the  process  so  that 
the  latest  presentation  from  the  CEO  is 
always  on  the  user’s  desktop.  It  gets  pushed 
out  to  the  machine.” 

Analysts  say  it  will  be  at  least  a  year  before 
enterprises  start  enabling  their  key  applica¬ 
tions  to  integrate  with  wireless  devices  and 
start  using  these  devices  for  rich  content, 
such  as  audio  and  video. 

“It’s  at  least  another  18  months  until  this 
becomes  a  viable  market,  but  it  will  defi¬ 
nitely  happen,”  Rizzo  says.“Right  now  it’s  all 
about  the  consumer  dollars.  Everyone  is 
putting  their  first  effort  there.” 

In  addition, VeriSign  bought  mobile-billing 
services  provider  CallVision  in  January. 
CallVision  provides  T-Mobile,  Bell  Canada 
and  other  carriers  with  technology  that 
supports  electronic  billing  and  customer 
self-service  applications.  ■ 
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INFRASTRUCTURE  LOG 


WebSphere. 


_DAY  16:  It’s  out  of  control.  It  takes  people  forever  to 
access. . .everything.  We  can’t  get  anything  done.  We’re  so 
inefficient.  There’s  got  to  be  a  better  way. 

_DAY  17:  Gil  says  he’s  found  one:  aerodynamic  bodysuits. 
He  says  everyone  will  be  able  to  work  faster  and  better  now. 

_DAY  21:  I’ve  taken  back  control  with  IBM  WebSphere 
Portal — a  simple  and  fast  start  to  a  service-oriented 
architecture.  It  works  with  what  we  have  and  integrates 
the  apps,  processes  and  info  our  people  need  to  do  their 
jobs  effectively.  Works  with  our  customers  and  suppliers, 
too.  Now  we  have  a  customizable  interface  that  puts 
everything  at  our  fingertips. 

_Productivity  is  up.  Gil  says  that’s  great,  but  he 
refuses  to  take  off  his  suit. 


Download  IBM’s  WebSphere  Portal  ROI  Tool  at: 

IBM.COM/TAKEBACKCONTROL/PORTAL 


Vegas  April  30-May  5,  2006 


www.interop.com 
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TECHNOLOGY  UPDATE 

■  AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 

Patch  proxy  eases  update  pressure 


HOW  IT  WORKS:  Patch  proxy 


Patch  proxy  technology  stands  in  for  an  actual  patch  by  applying  the  same 
corrective  action. 


/- 
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D  Client  initiates  Windows  Internet  Naming  Service  (WINS)  session  with  the  unpatched  server.  Patch 
g  proxy  begins  monitoring  the  session. 

£j  Server  responds  to  the  client  with  a  key  value  of  04  34  3E76  for  the  WINS  session. 

Client  changes  key  value  to  04  34  32  FF  and  sends  response  to  server  targeting  the  unpatched 
n  vulnerability. 


The  patch  proxy  fixes  the  key  to  the  value  the  server  originally  sent,  04  34  3E  76,  performing  the 
same  action  as  the  vendor  patch. 


BY  FRED  KOST 

The  pressure  to  patch  servers  is  increas¬ 
ing  as  regulatory  requirements  drive  rapid 
patch  deployment.  Many  organizations 
have  deployed  patch-management  systems 
to  simplify  and  manage  rollouts  of  security 
patches, yet  they’re  still  left  with  the  need  to 
test  and  verify  that  patches  will  not  disrupt 
critical  applications. 

Patch-proxy  technology  offers  a  solution 
to  the  challenge  of  quickly  responding  to 
new  patches.  Patch-proxy  companies  offer 
functional  substitutes  for  the  original  ven¬ 
dors’  security  patches,  in  effect  providing 
proxies  for  actions  of  the  vendor  patches. 
Instead  of  testing  and  installing  vendor 
security  patches  on  servers,  a  patch  proxy 
can  be  deployed  to  mimic  the  actions  of 
patches  that  are  not  installed. 

A  patch  proxy  can  be  deployed  in  a  net¬ 
work  or  on  a  host.  The  technology  is  pri¬ 
marily  software,  though  it  also  can  be 
delivered  in  an  appliance  form  factor. 
Patch  proxies  rely  on  frequent  updates  to 
stay  current  with  patch  releases  from 
operating  system  and  application  vendors. 
These  updates  are  pulled  down  automati- 


Got  great  ideas? 


■  Network  World  is  looking  for  great  ideas 
for  future  Tech  Updates.  If  you've  got  one, 
and  want  to  contribute  it  to  a  future  issue, 
contact  Senior  Managing  Editor,  Features  Any 

Schorr  (aschurr@nww.com). 


cally  and  deployed,  much  like  anti-virus 
updates. 

In  a  network  configuration,  the  technology 
resides  inline,  monitoring  client/server 
interactions,  intervening  when  traffic 
accesses  an  unpatched  server  application 
or  operating  system,  mimicking  how  the 
patch  would  perform  had  it  been  installed 
on  the  server.  The  patch  proxy  performs 
the  same  function  as  the  patch,  fixing  an 
error  in  the  original  program,  but  in  this 
case  making  a  change  in  the  session  on 
the  wire  and  forwarding  the  traffic  to  the 
server.  The  inline  patch  proxy  makes 
changes  to  apply  the  necessary  patches 
for  sessions  between  a  client  and  a  server; 
therefore,  it  must  maintain  all  TCP/IP  ses¬ 
sion  handshaking  yet  remain  transparent 
to  the  server  and  the  client. 

A  network-based  patch  proxy  requires  no 
software  installation  or  modification  on  the 
protected  servers.  If  signs  of  a  problem  arise 
with  an  inline  patch  proxy,  rollbacks  are 
quickly  and  easily  implemented. 

When  based  in  a  host,  a  patch  proxy 
must  be  installed  on  a  server  as  an  agent, 
monitoring  activity  from  the  application 
or  operating  system.  When  the  patch 
proxy  identifies  a  request  that  exercises 
logic  for  an  unpatched  vulnerability  the 
agent  injects  a  fix  in  the  code  that  is  exe¬ 
cuting.  Agent  installation  is  less  likely  to 
cause  disruption  to  a  server  than  frequent 
installation  of  security  patches,  though  it 
does  directly  touch  the  server  and  the 
application. 

Consider  as  an  example  Microsoft  patch 
MS04-O45,  which  fixed  a  vulnerability  in  the 
Windows  Internet  Naming  Service  (WINS) 


that  maps  IP  addresses  to  NetBIOS  comput¬ 
er  names.  A  network-based  patch  proxy  rec¬ 
ognizes  the  WINS  session  to  an  unpatched 
server  and  applies  the  patch  equivalent 
action  to  the  session  traffic,  which  in  this 
case  validates  a  key  value  in  the  request.The 
server  is  no  longer  vulnerable  to  the  MS04- 
045  vulnerability,  because  of  the  inline 
action  of  the  network-based  patch  proxy 

For  the  host-based  approach,  the  patch 
proxy  monitors  the  WINS  session  on  the 
host  by  intercepting  the  request  and  mak¬ 
ing  the  appropriate  change  to  the  key 
value  before  the  request  is  processed. 

Because  the  technology  in  both  cases 
acts  as  a  cleanser  —  allowing  all  sessions 
to  pass  but  applying  only  the  same  correc¬ 


tive  action  that  the  patch  would  have  per¬ 
formed,  it  delivers  all  of  the  value  of  the 
security  patch.  In  the  case  of  a  network- 
based  patch  proxy,  it  also  does  this  without 
requiring  disruption  to  the  server  applica¬ 
tion  with  a  (likely  unscheduled)  change 
window.  Furthermore, since  the  action  of  a 
patch  proxy  is  based  on  an  actual  vendor 
patch,  it  can  deliver  the  value  of  the  patch 
immediately  and  defend  against  any  ex¬ 
ploits  that  arise  after  the  release  of  a  secu¬ 
rity  patch. 

Kost  is  vice  president  of  product  mar¬ 
keting  and  management  for  Blue  Lane 
Technologies.  He  can  be  reached  at  fkost 
@bluelane.com. 


Ask  Dn  Internet  By  Steve  Blass 


I  understand  that  Internet  Explorer  Is  being 
changed  to  disable  the  functionality  of  the 
object,  embed  and  applet  tags  in  HTML  docu¬ 
ments.  How  can  I  make  sure  our  embedded  con¬ 
tent  still  works  the  way  we  want  it? 

You  can  replace  the  embedded  content  lines  in  your 
HTML  files  with  JavaScript  that  calls  code  outside  the 
HTML  page  to  write  the  tags  that  are  being  disabled  in 
HTML.  To  replace  one  instance  of  embedded  content 
you  can  create  an  external  JavaScript  file  that  uses  doc¬ 


ument.write  commands  to  create  the  same  lines  that 
you’re  replacing  in  the  HTML  file  with  the  call  to  the 
external  script.  For  example,  you  would  replace  <object 
classid="clsid:deadbeef...”...xparam  name-’src” 
value="mystuff.xyz"></object>  with  <script 
src="fixit.js"  language-’ JavaScript" 
type=’’text/javascript"x/script>,  and  then  you  would 
create  a  JavaScript  file  named  "f ixit.js"  containing  docu- 
mentwrite  statements  that  reproduce  the  embedded 
content  code  previously  contained  in  the  HTML  file.  For 
large  numbers  of  pages  with  embedded  content,  you 


can  create  external  JavaScript  files  that  use  parameters 
passed  in  when  you  call  the  script  to  generate  the 
HTML  code. Then  you  can  replace  the  disallowed  sec¬ 
tions  of  the  HTML  files  with  the  JavaScript  calls  using 
the  parameters  to  identify  specific  content.  Examples 
and  instructions  for  this  workaround  are  at  www.nwdoc 
f  inder.com/2930.  More  information  is  also  available  at 
www.nwdocfinder.com/2931 . 

Blass,  a  network  architect  at  Change@Work  in  Houston, 
can  be  reached  at  dr.internet@changeatwork.com. 
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I've  decided  to  change  the  rules.  From  now  on,  threats  will  be  afraid  of  me. 

Dyn  nic  Networking  from  AT&T  analyzes  real-time  traffic  over  the  AT&T  network  to  : 
pn  diet  security  threats  before  they  become  security  breaches.  With  firewalls  and 
intr  sion  protection,  the  AT&T  network  provides  Anthony  with  a  front  line  of  defense 
and  the  confidence  to  take  his  network  wherever  he  needs.  With  real-time  reporting 
of  security  issues,  potential  threats  are  on  Anthony's  radar,  but  not  on  his  network. 
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GEARHEAD 

INSIDE  THE 
NETWORK 
MACHINE 


Portable  multimedia 


I.ast  week  BackSpin  touched  on  the 
immense  pain  in  the  butt  that  having 
content  in  a  proprietary  format  can 
be  if  you  want  to  use  it  on  a  system 
that  doesn’t  support  that  format. 

As  was  pointed  out,  should  you 
want  to  play  your  iTunes  digital  rights 
management-protected  music  on 
players  that  aren’t  iFbds  you  are  SOL 
unless  you  want  to  jump  through 
hoops  such  as  burning  an  audio  CD 
Mark  Gibbs  and  ripping  the  tracks  to  MP3  or 
whatever  format  you  need. 

We  have  looked  for  an  alternative  and  only  found  tools 
that  work  with  pre-iTunes  6-protected  files,  or  that  resort  to 
using  iTunes  to  play  the  file  and  grab  the  sound  card  out¬ 
put  and  save  it  in  a  file.  If  you  know  a  way  to  convert  pro¬ 
tected  iTunes  6  files  to  another  format,  let  us  know. 

The  reason  we  want  to  know  is  that  we  just  got  our  hands 
on  a  Wolverine  MVP  60GB  Fbrtable  Multimedia  Storage 
and  Player, and  we  wanted  to  load  some  music  we  just  pur¬ 
chased  from  iTunes  so  we  could  be  entertained  on  our 
next  airplane  flight.  Unless  you  guys  come  up  with  some¬ 
thing  we’ll  have  to  resort  to  our  old  content. 

The  Wolverine  weighs  10  ounces,  sports  a  good-quality 
2.5-inch,  720-by-480-pixel  color  LCD  (pictures  and  movies 
look  very  good,  and  video  at  up  to  30  frames  per  second  is 
smooth),  and  has  a  USB  2.0  interface  for  uploading  and 
downloading  content.The  Wolverine  MVP  claims  to  have  a 


battery  life  that  will  transfer  20GB  of  data,  eight  hours  of 
music  playback,  or  three  and  a  half  hours  of  video  play¬ 
back  on  a  single  charge,  but  so  far  we  haven’t  managed  to 
use  it  for  more  than  four  hours  at  a  stretch. 

Physically  the  Wolverine  is  a  little  on  the  large  side  (5.04 
by  3.01  by  1.2  inches). The  front  face  contains  the  screen 
and  controls  —  power  on  and  off,  escape  and  menu  but¬ 
tons  along  with  a  joystick. 

The  Wolverine  is,  to  say  the 
least,  versatile. 

The  Wolverine  is,  to  say  the  least,  versatile.  It  can  display 
text  files,  photos  (JPEG,  TIFF  BMP  and  some  RAW  formats), 
play  videos  (Motion-JPEG,  MPEG-1,  MPEG-4  and  xvid),and 
play  audio  content  (MP3,  WMA,  AAC  and  WAV)  as  well  as 
record  audio. 

For  anyone  who  needs  to  back  up  memory  cards  the  Wol¬ 
verine  is  really  useful.  It  has  slots  for  seven  types  of  media: 
Compact  Flash, 3.3V  MicroDrive, Secure  Digital, Multimedia 
Card,  Memory  Stick  and  Memory  Stick  Pro,  Smart  Media 
and  XD.  When  a  memory  card  is  inserted  the  Wolverine 
automatically  recognizes  it  and  pops  up  a  menu  offering  to 
back  up  the  entire  card  or  just  the  image  files  on  it. 

Two  card  slots  (SM  and  SD/MMC/MS)  are  located  on  the 
left  side  of  the  Wolverine,  along  with  a  remote-control  in¬ 
frared  sensor  port  (it  comes  with  a  remote  control),  a 
thumbwheel  for  photo  zoom  or  volume,  depending  on  the 


content  being  displayed, a  mini-USB  port, and  an  AC  power 
socket.  The  right  side  houses  a  Compact  Flash/MicroDrive 
socket  (under  a  rubber  cover)  along  with  sockets  for  audio 
in,  audio  out,  and  composite  video  out  (you  can  select 
either  phase-altering  line  or  National  Television  Standard 
Code  output). 

Aesthetically  there  isn’t  much.  The  Wolverine  is  ugly  Its 
color  is  described  as  “Ferrari  red,”  which  is  not  quite  accu¬ 
rate  —  a  loud,  cheap  plastic  red  would  be  more  accurate. 

In  fact  the  Wolverine  is  really  an  OEM  version  of  a  prod¬ 
uct  from  Asia,  the  VP6230  from  Vosonic,  which  has  a  silver 
finish  that  looks  far  more  designed  than  the  Wolverines  red 
finish.That  said,  the  overall  design  of  both  versions  is  a  little 
crude  —  the  user  interface, while  perfectly  functional, is  not 
very  slick,  and  the  physical  design  of  the  buttons  and  joy¬ 
stick  have  a  curiously  70s  feel  to  them. 

Bottom  line:  Forgetting  the  aesthetics  (or  lack  thereof), this 
is  a  cool  device.  It  performs  well  for  picture  or  movie  view¬ 
ing,  doesn’t  require  proprietary  formats,  can  back  up  many 
types  of  memory  cards  and  is  a  very  good  audio  player. You 
also  can  set  music  to  play  in  the  background  while  you  view 
photos,  and  it  has  long  battery  life. 

We  really  like  this  product  and  at  around  $200  for  the 
60GB  version  it  is  highly  competitive  with  the  60GB  Apple 
iPod  priced  at  $400. 

Now  if  you  can  just  tell  us  how  to  get  iTunes  downloads  to 
play  on  it,  we  ’ll  be  realty  happy.  Your  advice  can  be  dispensed 
on  Gibbsblog  or  drop  us  a  line  at  gearhead@gibbs.com. 


CoolTools 


Quick  takes  on  high-tech  toys.  Keith  Shaw 


The  scoop:  Flash  Wristband  (256MB),  about  $40,  from  Imation 
What  it  is:  A  USB  flash  storage  drive  with  256MB  of  capacity  the 
Flash  Wristband  is  worn  around  your  wrist  instead  of  carried  in 
your  pocket  or  on  a  key  chain.  Made  of  the  same  materials  as  those  yellow  Lance 
Armstrong  Livestrong  bracelets,  the  Flash  Wristband  is  a  flexible  option  for  carry¬ 
ing  around  your  music,  photos  or  other  assorted  files. 

Why  it’s  cool:  1  like  this  for  the  novelty  of  the  design  —  the  Flash  Wristband  enters 
the  realm  of  gadgets  that  you  can  wear.The  bracelet  is  thick  around  the  USB  port  por¬ 
tion,  but  you  can  probably  hide  that  on  the  underside  of  your  wrist.  And  if  someone 
asks  you  what  cause  you’re  supporting  by  wearing  the  wristband,  you  can  proudly 
state, “I  support  the  cause  of  proper  data  storage  backup.” 

Some  caveats:  Of  course,  saying  that  in  a  crowd  of  younger 
hipsters  might  get  you  some  strange  looks.  I  showed  the 
wristband  to  a  person  of  the  younger  generation, 
and  she  wasn’t  impressed.  Perhaps  the  colored 
wristband  fad  has  gone  away 

Grade:  ★★★V  (out  of  five) 


The  Flash  Wristband  is  a  flex¬ 
ible  option  for  carrying 
around  your  music. 


The  scoop:  Store  ‘n’  Go  USB 
HD  Drive,  8GB  capacity,  about 
$200,  from  Verbatim 
What  it  is:  A  lightweight  portable 
storage  drive  with  8GB  of  capacity 
for  all  of  your  files,  the  1. 8-ounce  Store  ‘n’  Go  fits 
snugly  in  the  palm  of  your  hand. The  drive  comes 
pre-loaded  with  Mobile  Launchpad.a  utility  that  lets 
users  download  applications  that  run  directly  from 


the  USB  drive  instead  of  the  PC  (aimed  at  *  T 
mobile  travelers  who  want  to  use  dif¬ 
ferent  PCs  and  not  leave  any  traces 
on  them).  A  4GB  version  for  $130 
also  is  available,  and  the  systems 
support  Windows  98SE  and  higher 
(except  for  NT  users),  Mac  OS  9x  and 
higher,  and  Linux  2.40  systems  and  higher. 

Why  it’s  cool:  Having  8GB  fit  in  the  palm  of 
your  hand  is  pretty  impressive,  considering  that 
average  users  won’t  reach  this  capacity  unless 
they’re  toting  around  a  lot  of  videos. The  USB  port 
and  cable  pulls  out  from  the  device  and  can  be  re¬ 
attached  for  portability 

Some  caveats:  On  one  of  my  systems  (a  Windows 
XP  laptop),  I  had  some  problems  with  the  Mobile 

Launchpad  (software  provided  by  Ceedo)  —  an  annoying  pop-up  window  kept 
interrupting  my  ability  to  download  applications  and  run  the  Ceedo  application. 
Apparently  there  was  a  conflict  with  another  application  running  on  the  Windows 
XP  system,  but  I  could  not  fix  the  problem  or  figure  out  a  workaround.  I  switched 
the  USB  device  to  a  Windows  2000  system  and  got  a  similar  pop-up  window,  but 
this  time  the  window  suggested  that  in  order  to  browse  through  the  Ceedo  appli¬ 
cation,  I  would  have  to  close  the  other  browser  windows  already  open  on  the  PC. 
I  suppose  that  it’s  better  to  be  safe  than  sorry  and  give  users  the  warning  message, 
but  the  wording  of  the  text,  and  the  annoying  nature  of  the  pop-up  windows  on 
my  Windows  XP  system,  made  the  experience  less  than  enjoyable.  I  never  thought 
I’d  be  happier  running  an  application  on  Windows  2000  than  on  XRbut  1  was  in 
this  case. 

Grade: 


Store  ‘n’  Go  USB  HD  Drive 
fits  in  the  palm  of  your 
hand  and  stores  8GB  of 
data. 


Shaw  can  be  reached  at  kshaw@nww.com. 
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Each  week  Network  World  delivers  an 


extensive  line-up  of  product,  service  and 
industry  news,  analysis,  case  studies,  buyer's 
guides,  expert  opinion  and  management 
advice  that  Network  IT  Executives  rely  on 
to  get  their  job  done. 

Your  FREE  subscription 
will  include ... 

•  New  product  information  and  reviews  that  break 
through  vendor  hype  and  put  you  in  control  of  your 
technology  purchases 

•  Implementation  strategies  and  security  tips  and  tricks 
that  you  can  use  to  improve  your  infrastructure  and 
boost  your  company's  competitive  standing 

•  Tried-and-true  management  strategies  to  help  you 
boost  your  network  career 

•  An  insider's  view  on  how  your  competitors  are  using 
new  technology  to  their  business  advantage 

Plus  our  Special  Signature  Series 
Issues — Each  Signature  Series  issue  provides  insights, 
opinions  and  information  on  an  important  aspect  of  the 
industry  to  give  you  the  clearest  picture  of  the  current 
trends  and  trendsetters  in  the  Network  IT  market. 


To  subscribe  visit: 

apply,  nww.com/free05 


Network  World,  Inc.,  118  Turnpike  Road,  Southborough,  MA  01772  (508)460-3333 


THIS  NETWORK 


STEERS  CLEAR 
OF  DANGER 


MICROSOFT.COM/SECURITY/IT 

Microsoft' 


Find  tools  and  guidance  to  defend  your  network  at  microsoft.com/security/IT 


►  Free  Tools  and  Updates:  Streamline  patch  management 
with  automated  tools  like  Windows  Server™  Update  Services. 
And  verify  that  your  systems  are  configured  for  maximized 
security  with  Microsoft*  Baseline  Security  Analyzer. 

►  Microsoft  Security  Assessment  Tool:  Complete  this  free, 
online  self-assessment  to  evaluate  your  organization's 
security  practices  and  identify  areas  for  improvement. 


*•  Antivirus  for  Exchange:  Download  a  free  trial  of  Antigen*  for 
Exchange  and  arm  your  e-mail  server  with  powerful  multi-engine 
protection  from  viruses,  worms,  and  inappropriate  content. 

►  Learning  Paths  for  Security:  Take  advantage  of  in-depth 
online  training  tools  and  security  expert  webcasts  organized 
around  your  specific  needs.  Then  test  your  security  solutions 
in  virtual  labs,  all  available  on  TechNet. 


C  2005  Microsoft  Corporation.  All  rights  reserved  Microsoft,  Antigen,  and  Windows  Server  are  either 
registered  trademarks  or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries. 


Microsoft 
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Linux  on  desktop 
warming  up 

Linux  on  the  desktop  is  still  mostly  a  pipe  dream  because 
few  large  organizations  are  ready  to  make  the  switch, 
but  that  didn’t  seem  to  dampen  the  enthusiasm  of  pro¬ 
ponents  at  the  LinuxWorld  conference  in  Boston  last  week. 

In  a  panel  discussion  on  the  topic,  representatives  from  a 
range  of  vendors  said  Linux  on  the  desktop  is  becoming 
more  feasible.  Intel  and  Advanced  Micro  Devices  representa¬ 
tives,  for  example,  pointed  out  that  schools  in  South  America, 
India  and  Europe  are  early  adopters. 

And  Greg  Kelleher,  senior  program  manager  of  IBM’s  World¬ 
wide  Linux  Desktop  Strategy,  argued  that  desktop  Linux  is 
perfectly  appropriate  for  some  segments  of  the  domestic 
workforce,  particularly  transactional  workers,  who  typically 
live  in  one  application  most  of  the  day 
John  Cherry  manager  of  the  Desktop  Linux  Initiative  for  the 
Open  Source  Development  Labs  (OSDL),told  attendees  his 
group  just  made  available  a  technology  preview  release  of  a 
set  of  common  interfaces  for  Gnome  and  KDE,two  popular 
Linux-based  desktop  environments. 

This  is  the  first  fruit  of  OSDL’s  Portland  Project,  which  “in¬ 
tends  to  generate  a  common  set  of  Linux  desktop  interfaces 
and  tools  to  allow  all  applications  to  easily  integrate  with  the 
free  desktop  configuration”  users  choose.  Portland  is  ex¬ 
pected  to  encourage  independent  software  vendors  to  step 
up  their  work  on  desktop  offerings. 

Why  adopt  Linux  on  the  desktop?  In  a  session  about 
migrating  Windows  environments  to  Linux,  Jon  Walker, 

CTO  of  migration  tool  vendor  Versora,  listed  a  handful  of 
reasons:  security,  usability,  cost,  avoiding  vendor  lock-in, 
and  license  leverage.  But  he  cautioned  buyers  primarily 
motivated  by  savings  to  think  again:“if  cost  is  the  No.  1  rea¬ 
son  you’re  looking  at  Linux  on  the  desktop,  you’re  going  to 
be  disappointed.” 

A  first  step  in  any  migration  is  choosing  a  Linux  desktop 
distribution, of  which  there  are  hundreds.  Walker  likes  to 
group  them  by  what  he  calls  their  core  philosophies:  enter¬ 
prise  offerings  include  SuSE  and  Red  Hat;  pure  open  source 
offerings  such  as  Debian;  versions  that  are  similar  to  Win¬ 
dows  such  as  Xandros;  and  distributions  known  for  ease  of 
use  such  as  Ubunut  and  Mepis. 

Other  questions  to  consider  include  applications  sup¬ 
ported,  maintenance  and  support  offered,  frequency  of  up¬ 
dates,  ease  of  use  and  cost,  Walker  says. 

Migration  costs  for  one  Versora  customer  with  1,500  desk¬ 
tops  broke  down  this  way:  macro  redevelopment,  1%  of 
costs;  training  and  support,  2%;  indirect  user  expenses  such 
as  downtime  and  help  desk  calls,  46%;  and  migration  cost, 
5l%.The  customer  calculated  an  ROl  of  three  years. 

Tli at  makes  desktop  Linux  less  dream-like. 

—  John  Dix 
Editor  in  chief 
jdix@nww.com 


National  broadband  policy  needed 

Regarding  Johna  Till  Johnson’s  column  “Keep  the 
feds  out  of  broadband”  (www.nwdocfinder.com/ 
2922):  I  believe  Johnson  may  not  have  considered 
the  reasons  that  a  national  broadband  implementa¬ 
tion  policy  could  be  a  good  thing  —  perhaps  even  a 
necessary  thing. 

Johnson  asks,“ . . .  who  are  we  to  dictate  how  peo¬ 
ple  should  spend  their  money?”  Just  as  it  was  de¬ 
cided  in  1934  that  telephone  access  should  be  uni¬ 
versal,  it  did  not  mandate  that  everyone  had  to  pur¬ 
chase  a  telephone.  The  same  concept  is  true  of 
broadband.  As  non-broadband  access  continues  to 
become  more  useless,  broadband  access  will  be¬ 
come  a  practical  necessity  just  as  the  telephone  has. 
Without  access  to  a  broadband  connection,  it  could 
very  well  become  impossible  to  transact  business  or 
interact  with  a  government  agency 

A  well-crafted  national  broadband  policy  could  be 
just  as  useful  today  as  universal  telephone  access 
was  in  1934  to  ensure  that  every  American  has  the 
choice  to  purchase  and  make  use  of  a  broadband  In¬ 
ternet  connection. 

I  agree  that  the  Universal  Service  Fund  has  had 
some  management  issues,  but  that  does  not  mean 
we  should  stop  making  policies  or  spending  tax¬ 
payer  dollars  on  public  projects  that  benefit  U.S.  citi¬ 
zens  no  matter  where  they  live.  Without  a  national 
broadband  policy,  there  is  no  incentive  or  require¬ 
ment  for  broadband  providers  to  supply  access  to 
people  who  live  in  areas  that  would  be  unprofitable 
for  the  private  sector  to  wire  for  broadband. 

Larre  Shiller 
Baltimore 

There  are  many  places  where  DSL  is  not  available, 
cable  is  not  available  and  cell  phone  coverage  is  hit- 
or-miss.  Not  everyone  lives  in  New  York  City  Com¬ 


pared  with  Europe,  we  look  like  a  banana  republic. 
There  is  only  one  phone  company  choice  for  local 
service  and  one  cable  company  (no  choice)  in 
many  areas.  If  the  political  system  is  corrupt,  the 
answer  is  to  fix  it,  not  outlaw  laws. 

The  free  market  is  only  after  a  quick  buck.  Com¬ 
panies  receiving  a  monopoly  to  provide  services 
should  be  forced  to  provide  them  to  all  people  in 
the  area,  and  not  cherry-pick  high-profit  sites  and 
block  other  companies  from  servicing  the  area  be¬ 
cause  their  lawyers  were  smarter  than  the  local 
politicians  who  gave  away  their  citizens’  rights. 

Walt  Adam 
Auburn  Hills,  Mich. 

Let  the  market  decide 

Regarding  Mark  Gibbs’  BackSpin  column  “Who 
should  control  the  ’Net?”  (www.nwdocfinder.com/ 
2923):  While  I  agree  that  the  Internet  Corporation  for 
Assigned  Names  and  Numbers  (ICANN)  is  an  alba¬ 
tross,  Gibbs’  idea  of  the  United  Nations  controlling 
the  Internet  is  madness.Turning  anything  over  to  the 
U.N.  is  a  recipe  for  disaster. 

Let  market  evolution  decide  the  Internet’s  fate. 
Eventually,  parts  of  the  ’Net  will  collapse  under  the 
strain,  and  something  better  will  rise  from  the  ashes. 

I  hope  we  geeks  finally  will  complete  a  nation¬ 
wide  wireless  network  in  the  spirit  of  the  original 
Internet  to  get  out  of  the  over-commercialized, 
over-controlled  Internet.  ICANN  can  manage  what- 
ever’s  left. 

Kendall  Sears 
President 

Technology  Resources  Development  Consulting 

Mauckport,  Ind. 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  II 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 
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BOTTOM  LINE 
Joel  Snyder 


When  a  product  is  better  than  the  company 


As  a  product  tester,  I  always  tell  people:  The 
product  speaks  for  itself.  White  papers,  cus¬ 
tomer  wins,  marketing  spin:  None  of  that 
counts.  1  don’t  have  to  be  convinced  by  a  public 
relations  person  that  the  product  is  good, 
because  good  products  prove  themselves  in  our 
lab. In  2004, when  I  last  tested  mail  security  appli¬ 
ances,  CipherTrusts  IronMail  was  on  our  short 
list  as  a  top  finalist.  It’s  a  good  product,  and  it 
proved  itself  in  our  labs. 

There’s  something  we  didn’t  tell  you  about  that 
test,  though.  After  the  test  was  underway, 
CipherTrust  engineers  logged  on  to  our  test  bed 
(I  had  forgotten  to  close  the  hole  in  the  firewall 
we  had  opened  so  that  they  could  help  with 
installation),  changed  the  passwords  on  the 
IronMail  system  and  shut  it  down.  We  found  out 
about  it  a  few  hours  later,  not  because  they  told 
us,  but  because  our  monitoring  systems  saw  the 
outage.  It  was  an  unprecedented  action  on  the 
part  of  a  vendor.  CipherTrust  explained  it  as  a 
miscommunication  —  they  were  monitoring  the 
results  and  weren’t  getting  the  effectiveness  they 
had  expected,  and  someone  panicked  and 
ordered  the  shutdown.  After  some  tense  and 
angry  negotiations,  we  put  them  back  in  the  test. 


We  didn’t  write  about  it  because,  well, “products 
speak  for  themselves.” 

I  had  forgotten  about  it  until  recently  when  a 
consulting  customer  hired  me  to  help  select  an  e- 
mail  security  appliance.  CipherTrust  was  on  their 
short  list,  and  they  asked  us  to  do  extended  and 
intensive  testing  of  a  few  products.  We  decided  to 
buy  some  products,  including  the  CipherTrust  sys¬ 
tem,  to  give  us  freedom  in  our  testing  and  report- 

Tests  aren’t  enough.  It’s 
important  to  investigate  all 
those  peripheral  aspects 
of  the  vendor  before  you 
sign  a  purchase  order. 

ing.  That  seemed  easy  enough,  except  that 
CipherTrust  wouldn’t  let  us  buy  a  box. 

The  salesperson  was  ready  to  give  us  a  local 
value-added  reseller  (VAR)  so  we  could  buy  the 
$5,000  unit.  But  then  he  passed  me  over  to 
CipherTrust  PR,  which  passed  me  over  to  the 
vice  president  of  sales,  who  passed  me  to  a 
fourth  person  so  we  could  apply  to  be  a  member 


of  their  partner  program. This  was  getting  ridicu¬ 
lous, so  I  explained  again  that  1  simply  wanted  to 
buy  a  box  for  my  own  company  to  use.This  time, 
silence.  No  reply. 

After  waiting  a  week,  I  found  a  VAR  and 
ordered  a  system.  Then  the  VAR  called  back: 
CipherTrust  refused  to  fill  the  order.  Why  is 
CipherTrust  unwilling  to  sell  me  a  box?  I  don’t 
know;  they  aren’t  talking. 

More  frightening  than  my  experience  is  the 
possibility  that  the  company  might  do  this  to  an 
existing  customer.  What  good  is  a  security  prod¬ 
uct  if  the  vendor  refuses  to  sell  you  service  on  it? 
Without  updates,  most  of  these  products  are 
barely  useful  as  doorstops. 

In  our  tests,  we  look  at  products,  not  companies. 
Things  such  as  training,  finances  and  corporate 
style  don’t  come  into  it.  But  when  it  comes  to  buy¬ 
ing  products,  our  tests  aren’t  enough.  It’s  impor¬ 
tant  to  investigate  all  those  peripheral  aspects  of 
the  vendor  before  you  sign  a  purchase  order.  I  was 
reminded  of  that  the  hard  way 

Snyder,  a  Network  World  Test  Alliance  partner,  is 
a  senior  partner  at  Opus  One  in  Tucson,  Ariz.  He 
can  be  reached  at  Joel.Snyder@opusl  .com. 


Thomas  Nolle 


Will  the  AT&T-fiellSouth  merger  hurt  IP  IV? 


The  term  IP  TV  can  mean  a  range  of  things, 
but  to  most  people  in  networking  it  means 
AT&T’s  Project  Lightspeed.  Promising  broad¬ 
cast  channels  over  IP  using  multicast  technology 
Lightspeed  would  drive  a  radical  shift  in  metro¬ 
politan  and  access  networking.  It’s  no  wonder 
people  are  speculating  about  the  effect  AT&T’s 
acquisition  of  BellSouth  will  have  on  Lightspeed. 
Although  most  think  it  will  be  positive,  they’re 
probably  wrong. 

There  are  three  possible  reasons  why  AT&T 
wanted  BellSouth.The  first  is  the  Cingular  mobile 
service  the  two  companies  own:  AT&T  buys 
BellSouth  and  gets  it  all.The  second  is  economies 
of  scale:  consolidation  in  an  industry  under  con¬ 
tinuous  price  and  margin  pressure. The  third  is  to 
obtain  BellSouth’s  customers  to  exploit  them  for 
existing  and  new  services.  Obviously  if  the  merger 
is  to  promote  IP  TV  reason  No.  3  has  to  dominate. 

Wireless  has  been  more  profitable  than  wireline 
or  broadband  for  U.S.  carriers  overall.  AT&T  and 
BellSouth’s  joint  ownership  of  Cingular  may  have 
limited  AT&Ts  willingness  to  throw  capital  at  the 
wireless  venture. Spectrum  investment  could  be  a 
priority  in  the  next  several  years.  The  FCC  is 
promising  to  open  up  new  space  for  wireless  ser¬ 
vices,  and  what  Cingular  doesn’t  get  will  become 
available  to  competitors.  Lose  spectrum  space  to 
a  wireless  competitor,  and  it  haunts  you  forever. 
AT&T  might  well  want  to  focus  its  investment  dol¬ 
lars  on  buying  up  as  much  spectrum  as  possible. 

Then  there’s  fixed/mobile  convergence  (FMC). 
One  application  of  FMC  is  to  offer  customers  the 
ability  to  transfer  calls  between  home  and  office 
phones  and  cellular  seamlessly  using  3GAVi-Fi 


dual-mode  instruments. This  makes  both  wireless 
and  wireline  voice  stickier,  meaning  it’s  harder  for 
competitors  to  steal  customers.  Owning  all  of 
Cingular  lets  AT&T  gain  all  the  benefits  of  any 
FMC  investment  it  makes. 

Consolidation  also  makes  sense  as  a  reason  for 
the  merger.  AT&T  has  indicated  $2  billion  could 
be  saved  through  operational  consolidation. 
Since  the  collapse  of  the  dot-com  bubble,  Wall 
Street  has  tended  to  reward  companies  more  for 
reducing  cost  than  for  investing  to  obtain  future 
profits.  The  merger  could  help  consolidate  long- 
haul  voice  and  data  costs,  letting  AT&T  funnel  all 
its  traffic  onto  a  common  national  backbone. 

Lose  spectrum  space  to  a 
wireless  competitor,  and  it 
haunts  you  forever. 

But  how  about  the  customer  base?  At  the  busi¬ 
ness  level, BellSouth’s  doesn’t  look  that  promising. 
My  statistics  indicate  the  BellSouth  region  con¬ 
tains  only  about  1 1%  of  enterprise  headquarters 
sites.  Most  enterprise  services  are  purchased 
where  a  company  is  headquartered.  Furthermore, 
business  service  revenues  have  been  consistently 
trending  downward,  so  unless  AT&T  has  some 
magical  approach  to  reversing  this  trend,  buying 
more  business  customers  means  buying  losses. 

That  leaves  the  residential  base  and  IP  TV  It’s 
pretty  clear  the  opportunities  in  IP  TV  are  related 
to  the  number  of  a  territory’s  households  and 
their  overall  distribution  by  income  level.  What 
you’d  like  to  see  in  an  IP  TV  prospect  base  is  a 


bunch  of  yuppie  households  dedicated  to  the  lat¬ 
est  gadgets  and  eager  to  spend  their  disposable 
income  on  new  stuff  like  video  content.  Does  that 
describe  BellSouth’s  territory? 

It  doesn’t  describe  even  AT&T’s  current  territory 
all  that  well.  The  median  household  income  in 
Verizon’s  territory  is  a  bit  more  than  $60,000.  For 
AT&T  that  number  is  $52,000, and  for  BellSouth  it’s 
about  $45,000.  No  state  in  BellSouth’s  territory  has 
a  median  income  matching  the  AT&T  territory’s 
average,  and  only  one  Verizon  state  has  a  median 
income  lower  than  that  in  BellSouth’s  states. 

The  relationship  between  household  income 
and  IP  TV  potential  is  controversial,  with  many 
believing  the  RBOCs  are  cherry-picking  upper- 
income  and  avoiding  lower-income  areas.  Such  a 
move  would  seem  to  violate  current  regulations, 
but  the  fact  is,  target  locations  for  RBOC  video 
deployment  have  been  a  bit  upper  crust.  Given 
this,  how  can  you  justify  believing  that  the 
BellSouth  territory’s  income  would  promote  more 
IP  TV  deployment? 

Bottom  line,  the  AT&T  and  BellSouth  states’ com¬ 
bined  prospect  base  is  a  more  difficult  market  for 
IP  TV  than  the  AT&T  states’  base  alone.  Lightspeed 
was  supposed  to  roll  out  last  year,  then  early  this 
year,  then  late  this  year . . .  and  this  was  before  the 
BellSouth  deal.  It’s  just  not  logical  to  believe 
adding  BellSouth  to  the  mix  will  change  things  for 
the  better.  Lightspeed  s  future  is  getting  darker. 

Nolle  is  president  of  CIMI  Corp.,  a  technology 
assessment  firm  in  Voorhees,  N.J.  He  can  be 
reached  at  (856)  753-0004  or  tnolle@cimi 
corp.com. 
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May  17-19,  2006 

Hyatt  Regency 

Reston,  Virginia 


Benefits  ■  Innovations  -  Solutions 


The  U.S.  Federal  Government  has  mandated  the  adoption 
of  the  New  Internet  (Internet  Protocol  version  6,  or  IPv6), 
the  massive  upgrade  of  the  existing  IPv4  standard,  in 
use  since  1973.  The  transition  to  IPv6  offers  major 
opportunities  -  and  challenges  -  for  every  Federal 
department,  which  will  be  identified  and  discussed  by 
experts  in  this  unique  conference. 

The  Federal  IPv6  Summit  will  feature  senior  political  and 
military  leaders,  IT  organization  executives,  ISPs  and 
first  responders  -  who  will  identify  their  visions  of  how 
the  government  will  benefit  from  IPv6,  how  this  transition 
will  take  place,  and  what  roles  industry  should  pursue. 


This  is  a  must-attend  event,  especially  for 
those  working  for  or  in  support  of  the  US 
Federal  government. 

There  will  also  be 
demonstrations  of  new 
IPv6  applications,  including 
up-to-the-  minute  reports 
on  the  first  IPv6/WLAN  city 
in  America! 

REGISTER  ONLINE: 

Q)  federalipv6summit.com 


Alex  Lightman 

Chairman, 

Federal  IPv6  Summit  2006 


Wednesday,  May  17 

IPv6  Workshops 

Thursday,  May  18 

Keynotes  and  Panels 

Friday,  May  1  9 

Keynotes  and  Panels 

■  IPv6  Transition  Management  Track 

■  IPv6  Technical  Track 

■  IPv6  as  the  Foundation  for  Federal  Interoperability 

■  IPv6  Benefits  for  Enterprise-Centric  Government 

■  IPv6  Working  Group  for  CIO  Council 

■  Building  IPv6  into  the  Enterprise  Architecture 

■  Innovation  via  IPv6 

■  Virginia  shows  IPv6  Leadership 

■  First  Responder  Requirements  &  Applications 

■  Katrina  Panel:  ERM  and  IPv6 
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Transitioning  to  IPv6 


BY  ANN  BEDNARZ 

here’s  a  forum  on  the  Securities  and 
Exchange  Commission  Web  site  where  a 
company  can  comment  on  its  experiences 
implementing  the  control  provisions  required 
by  Section  404  of  the  Sarbanes-Oxley  Act. 
Dozens  of  executives  have  filed  comments  — 
many  of  which  describe  unreasonably  onerous,  expen¬ 
sive  c  mnpliance  efforts. 


*  ^ “ 

“Based  on  our  own  experiences  and  the  experiences  of  our  peers,  we  believe  that 
the  effort  and  costs  to  comply  with  the  standard  have  been  extraordinary,”  said  Paul 
Zeller,  vice  president  and  CFO  of  Imation  in  Oakdale,  Minn  ,  in  a  statement.  “We  have 
incurred  approximately  $1  million  in  external  costs  and  substantially  more  in  inter¬ 
nal  costs,  such  that  total  SOX  costs  approximate  5%  of  our  2004  operating  income.” 

William  Krepick,  CEO  of  Macrovision  in  Santa  Clara,  describes  spending  $11  mil¬ 
lion  to  hire  outside  consultants  and  $1.2  million  to  pay  incremental  audit  costs  to  its 
public  accounting  firm  during  a  two-year  period  that  ended  last  March.  In  addition, 
the  company  has  spent  thousands  of  man-hours  to  implement  Section  404,  which 
has  diverted  attention  from  other  company  projects,  according  to  Krepick.  v 

"These  distractions  have  resulted  in  delays  in  our  investments  in  new  projects  and  „  : J 

new  technologies  that  would  otherwise  make  our  company  more  profitable  and  Zig U 

See  SOX,  page  48  / yAjj 
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.INFRASTRUCTURE  LOG 


_DAY  8:  I  give  up.  Our  inf restructure  is  so  inflexible. 
Our  apps  and  processes  don’t  work  together.  We  can’t 
respond  quickly  to  change.  It’s  out  of  control. 

_Gil  had  an  epiphany.  Duct  tape.  A  few  dozen  rolls  later 
and  he’s  integrated  everything,  and  everyone,  by  hand. 

_DAY  10:  Duct  tape  can  fix  many  things.  Basketballs. 
Sofas.  Doorknobs.  But  not  widespread  app  and  process 
inflexibility. 

_DAY  13:  I’ve  found  something  better:  IBM  WebSphere 
middleware.  It’ll  make  our  infrastructure  more  flexible 
by  seamlessly  integrating  our  apps.  We  can  change 
processes  in  a  snap  and  use  what  we  already  have — 
even  apps  from  SAP  and  Oracle.  And  with  IBM’s  industry- 
specific  expertise,  we’re  on  our  way  to  enabling  a 
service-oriented  architecture. 

_Hmmmm .. .WebSphere.  More  powerful  than  duct  tape. 


Download  our  IBM  SOA  assessment  tool  at: 

IBM.COM/TAKEBACKCONTROL/SOA 
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The  high  rest  of  compliance 

Ernst  &  Young  surveyed  255  companies  with 
two  years  of  Section  404  compliance  under  their 
belts.  Respondents  shared  details  about  what 
it  took  to  achieve  initial  compliance. 

The  big  fix 

Among  respondents,  13%  had  to  fix  more  than 
500  controls. 


Number  of  control  deficiencies  remediated: 


Problem  area:  IT 


501  to  1,000 

10% 


More  than  1,000 

3% 


251  to  500 

14% 


Among  respondents,  72%  said  that  IT  was  a  key 
area  in  need  of  remediation. 

Section  404-related  controls  that  were  IT-based: 


Types  of  IT  internal  control  issues: 


Data  protection  18% 

Change  controls  20% 
Infrastructure  21%  — 


Laboring  in  obscurity 


More  than  half  of  respondents  invested  between 
10,000  and  50,000  hours  to  comply. 

Level  of  effort  in  hours: 

10,000  to 
25,000 

-  30% 

Fewer 
than 
10,000 

-  22% 

Paying  the  price 

More  than  half  of  respondents  spent  between 
$1  million  and  $5  million  to  comply. 


Total  Section  404  costs 

Greater  than  S25  million  6% — 


S10  million  to  - 
S25  million  11% 


S5  million  to 
S10  million  10% 


Less  than  $1  million  10% 


SI  million  to 
S2.5  million 

—  29% 

S2.5  million 
to  S5  million 

—  24% 


SOX 

continued  from  page  45 

more  competitive,  which  we  believe  our  stockholders 
would  rather  have  us  focus  on  than  creating  massive 
amounts  of  paperwork  to  document  SOX  404  compli¬ 
ance,”  Krepick  comments. 

Since  the  passage  of  SOX  in  2002,  companies  have 
complained  about  the  legislation  designed  to  help 
restore  investor  confidence  in  the  wake  of  accounting 
scandals  at  Enron  and  WorldCom.  The  source  of  many 
complaints  is  Section  404,  which  requires  companies  to 
attest  to  the  effectiveness  of  internal  controls  to  safe¬ 
guard  systems  and  processes  related  to  financial 
reporting. 

Under  the  SEC’s  two-tier  approach,  the  largest  public 
companies  had  to  begin  complying  following  their  first 
fiscal  year  that  ended  after  Nov.  15,  2004.  The  SEC 
extended  the  deadline  for  smaller  public  companies 
until  July  2007,  following  a  backlash  from  companies 
that  said  the  requirements  are  too  onerous. 

Money  for  nothing 

Meanwhile,  analysts  have  tried  to  come  up  with 
guidelines  on  how  much  it  costs  a  company  to  comply 
with  SOX.The  rule  of  thumb  has  been  an  average  of  $1 
million  in  SOX  expenses  for  every  $1  billion  in  revenue. 

Those  numbers  have  held  fairly  firm  over  the  last  cou¬ 
ple  of  years,  on  average,  but  there’s  a  lot  of  variation 
among  companies  when  it  comes  to  the  effort  and 
expense  required  to  comply,  says  John  Hagerty,  an  ana¬ 
lyst  at  AMR  Research. 

“A  lot  of  it  has  to  do  with  how  a  company  is  orga¬ 
nized,”  Hagerty  says.  “If  a  company  is  very  centrally 
managed,  then  they  do  it  once  and  it  applies  to  every¬ 
body.  If  a  company  is  decentralized,  there’s  a  very  good 
chance  they  have  to  repeat  the  same  process  in  every 
location.” 

Collectively,  companies  spent  $2.5  billion  on  SOX 
compliance  in  2003,  $5.5  billion  in  2004  and  $6.1  bil¬ 
lion  in  2005,  according  to  AMR.  The  firm  estimates 
spending  will  reach  $6  billion  this  year,  divided  among 
internal  labor  (39%),  technology  (32%)  and  external 
consulting  (29%)  expenses. 

Where  the  money  comes  from  can  be  tough  to  track. 
Some  may  come  from  a  company’s  general  operating 
budget,  other  money  from  IT,  financial  and  auditing 
department  budgets.  “The  budget  is  really  spread  in  a 
lot  of  different  places,”  Hagerty  says. 

What’s  clear  is  that  compliance  efforts  will  consume  a 
significant  portion  of  IT  resources. The  majority  of  CIOs 
expect  10%  or  more  of  their  2006  IT  budget  to  be  dedi¬ 
cated  to  SOX-based  compliance,  according  to  Gartner 
research. 

Often  that  means  IT  projects  without  a  compliance 
payotf  get  relegated  to  the  back  burner.  “Twenty-seven 
percent  of  CIOs  are  saying  that  they’re  getting  dedi¬ 
cated  funding  for  compliance  for  2006,  22%  say  they 
don’t  know  where  the  money  is  going  to  come  from, 
and  the  rest  are  getting  the  money  by  deferring  other 
projects,  that  sort  of  thing,”  says  French  Caldwell,  a 
research  vice  president  at  Gartner. 

The  good  news  is  that  as  public  companies  accumu¬ 
late  SOX  experience,  the  price  tag  for  compliance  is 
expected  to  decrease  gradually.  “It  is  getting  cheaper. 
We’re  seeing  an  increase  in  IT  budgets  [dedicated  to 
SOX  projects] ,  but  that’s  more  than  being  offset  by  the 
decrease  in  what  companies  are  going  to  be  paying 
consultants  and  auditors,”  Caldwell  says. 


First  cut  is  the  deepest 

Mark  Guth,  manager  of  IT  networks  at  Nicor  Gas  in 
Naperville,  Ill.,  estimates  SOX  compliance  accounted 
for  about  2%  of  operational  expenses  in  the  IT  depart¬ 
ment  in  2005.  That’s  down  from  the  year  before,  when 
the  natural  gas  distribution  company  started  its  SOX 
efforts  in  earnest. 

“What  we  discovered  is  that  there’s  a  very  high  entry 
cost  to  comply”  Guth  says.  “Once  we  adopted  proce¬ 
dures  and  made  it  part  of  our  normal  monthly  and 
quarterly  routines,  we  dropped  the  manpower  require¬ 
ments  by  almost  90%.” 

In  2004,  Nicor’s  IT  department  spent  about  8,500 
hours  to  set  up,  test  and  work  through  compliance 
issues.“In  2005  it  took  us  only  about  900  man-hours  to 
execute  all  those  tests, compile  the  results  and  be  at  the 
same  level  of  compliance  that  we  were  in  2004.  In  fact, 
we  were  better  off  in  2005  from  a  compliance  stand¬ 
point,”  Guth  says. 

One  tool  that  helped  is  the  ArcSight  Enterprise 
Security  Manager,  which  collects  and  analyzes  security 
data  from  devices  such  as  firewalls,  routers,  switches 
and  servers.  Nicor  uses  it  to  correlate  relevant  security 
information  and  assess  vulnerabilities  —  in  particular 
with  respect  to  system  access  requests. 

The  ArcSight  software  isn’t  solely  responsible  for  the 
90%  drop  in  manpower,  but  it  has  helped  Nicor  to  spot 
potential  security  issues  more  quickly  and  correct 
them  before  they  multiply  and  require  more  resources 
to  handle,  Guth  says.“We’ve  been  able  to  clean  up  our 
security  event  log  to  the  point  where  we  feel  much 
more  confident  about  what’s  traveling  around  the  net¬ 
work  and  where  we  stand  with  respect  to  compliance.” 

Micros  Systems  of  Columbia,  Md.,  also  found  compli¬ 
ance  costs  fell  after  the  first  year.  Micros’  tab  for  com¬ 
plying  with  SOX  was  in  the  range  of  $3  million  to  $4  mil¬ 
lion  in  2004.  For  2005,  Micros  shaved  off  at  least  one- 
third  of  those  costs,  says  Carmen  Requena,  an  internal 
auditor  at  the  company,  which  makes  software  for 
restaurants,  hotels,  casinos  and  retailers.  “A  lot  of  extra 
effort  had  to  be  put  in  the  first  year,”  she  says. 

To  help  with  the  effort,  Micros  deployed  software  from 
OpenPages,  which  helps  manage  internal  controls  doc¬ 
umentation  and  certification  processes  across  all  of 
Micros’  60  worldwide  divisions. 

The  company  also  reduced  professional  services 
expenses  by  establishing  an  internal  SOX  audit  team 
and  merging  the  group  with  Micros’  internal  financial 
auditing  department,  Requena  says.  Everyone  is 
smarter  about  SOX  requirements  in  general,  so  the 
auditors  —  internal  and  external  —  are  more  in  sync 
about  what  types  of  controls  need  to  be  in  place  and 
tested. 

“Last  year  was  almost  like  an  ongoing,  continual 
audit,”  Requena  says.  “There  was  always  someone  ask¬ 
ing  for  something.”  This  year  will  go  more  smoothly, 
because  internal  and  external  auditors  are  clearer 
about  what  they’re  looking  for,  she  says. 

Productivity  takes  a  hit 

For  IT,  the  SOX  burden  isn’t  just  about  diverting  staff 
and  funds  to  compliance-related  projects.  In  some 
cases,  compliance  takes  a  serious  toll  on  IT  produc¬ 
tivity. 

Archer  Daniels  Midland  Investor  Services  (ADMIS),  a 
Chicago  financial  services  company,  is  a  subsidiary  of 
the  $35  billion  agricultural  processor,  ADM. 

While  parent  company  ADM  coordinates  all  SOX 

See  SOX,  page  50 
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continued  from  page  48 

compliance  efforts  for  the  entire  business,  ADM1S  oper¬ 
ates  its  own  IT  systems  and  is  responsible  for  executing 
the  compliance  provisions  required.  “In  the  past  it’s 
been  a  huge  advantage  because  we  are  a  smaller  shop 
and  we  could  move  faster  and  quicker  and  bring  things 
into  a  production  mode  a  lot  quicker  than  a  huge  shop 
because  we’re  more  flexible,”  says  Sam  Helmich,  vice 
president  of  technology  at  ADMIS.“Well,  we’ve  lost  that 
productivity.” 

Because  of  the  processes  ADMIS  had  to  put  in  place 
for  SOX,  Helmich’s  15-person  staff  spends  a  lot  more 
time  doing  paperwork,  waiting  for  approvals  and  hand¬ 
ing  off  projects  —  to  avoid  creating  a  segregation-of- 
duties  conflict  —  instead  of  seeing  them  through  to 
completion.“It’s  a  time  drain,” Helmich  says.“Because  of 
SOX,  my  team’s  productivity  has  dropped  20%.” 

Segregation-of-duties  issues  also  drove  up  spending 
on  IT  gear  at  ADMIS.  Helmich  has  to  provide  separate 
systems  for  development  and  testing  that  aren’t  tied  to 
production  systems.  “I  can’t  have  developers  running 
on  the  same  system.  Even  though  they  were  segregated 
and  couldn’t  affect  production  data,  I  couldn’t  have 
them  even  accessing  the  same  system,”  he  says. 

That  meant  spending  about  $500,000  to  upgrade  the 
firm’s  IBM  AS/400  systems  last  year.“I  ended  up  buying 
a  machine  that’s  three  or  four  times  more  powerful 
than  what  I  really  would  have  needed  so  that  I  could 
create  LPARs  —  virtual  logical  machines  —  so  that 
there’s  total  segregation  between  development,  testing 
and  production  environments,”  Helmich  says. 

Helmich  also  had  to  buy  more  Intel  servers  for  his 
development  environments.  Having  more  boxes  and 
more  complex  gear  to  manage  adds  to  the  SOX  tally.“It 
takes  more  systems  management  time  to  handle  more 
systems  and  keep  everything  segregated,”  he  says.“It’s  a 
trickle-down  effect.” 

One  bright  spot  is  that  Helmich  has  found  ways  to  sat¬ 
isfy  some  requirements  using  software  he  already  had. 

ADMIS  has  been  using  Team  2,  a  task-management 
application  from  software  maker  Alexsys,  since  1998  to 
keep  track  of  help  desk  tickets  and  work  orders. 
Helmich  found  he  can  manipulate  the  software’s  rules 
engine  to  create  some  of  the  process  controls  and 
audit  trails  he  needs  for  SOX  compliance. 

For  example,  ADMIS  is  using  Team  2  to  track  requests 
for  software  development  and  programming  projects. 
The  software  creates  an  electronic  trail  that  starts  with 
a  work  request  and  runs  through  the  project  design, 
testing,  implementation  and  post-rollout  phases.“We’re 
using  it  as  a  project  management  workflow  tool,” 
Helmich  says. 

There  are  a  few  more  processes  Helmich  plans  to 
automate  with  the  Team  software.  It’s  just  a  matter  of 
finding  the  time,  he  says. 

Segregation  anxiety 

Some  companies  have  created  new  positions  inside 
IT  to  deal  with  compliance  challenges. 

Security  software  maker  McAfee  hired  Mark  Homs  to 
handle  security  and  compliance  issues  related  to  the 
company’s  SAP  system.  “I  deal  with  the  internal  audit 
people,  the  Sarbanes-Oxley  committee,  CFO,  CIO,  end 
users  and  anyone  in  between,” says  Homs,  whose  title  is 
SAP  security  manager. 

Before  joining  McAfee,  Homs  led  SAP  security  at  a 
Northrop  Grumman  division,  worked  as  a  consultant 


and  did  a  brief  stint  with  a  vendor  of  SOX-related  soft¬ 
ware.  His  expertise  lies  in  the  intricacies  of  SAP  config¬ 
uration  and  the  design  of  sustainable  security  schemas 
for  ERP  systems  —  a  key  asset  in  today’s  SOX  world. 
“Sarbanes-Oxley  helped  advance  what  I  do,"  Homs  says. 

SAP  applications  are  extremely  flexible,  and  controls  are 
complex.  Choosing  the  best  way  to  configure  security  set¬ 
tings  isn’t  intuitive,  Homs  says.“Some  of  the  ways  you  can 
achieve  the  controls  are  maintainable,  and  some  are  not. 
That’s  where  a  lot  of  companies  have  had  problems.” 

When  Homs  came  on  board  at  McAfee,  he  helped 
rewrite  its  SAP  security  framework  and  bought  software 
from  Approva  to  help  manage  and  strengthen  the  com¬ 
pany’s  business  controls.  The  vendor’s  BizRights  plat- 


Shopping  lor  software 

Spending  on  compliance-related  software  between 
2004  and  2009  is  projected  to  soar,  according  to 
research  firm  Gartner. 
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form  helps  McAfee  spot  and  remediate  risky  configura¬ 
tion  settings,  policy  violations  and  role  conflicts,  for 
example. 

Without  a  tool  such  as  Approva,  getting  to  the  root  of 
an  issue  takes  a  lot  of  work.  For  example,  if  the  account¬ 
ing  department  wants  to  restrict  access  to  a  particular 
transaction,  Approva  makes  it  easy,  Homs  says.“Approva 
can  show  me  who  has  access  to  this  transaction.  But  it 
won’t  stop  there.  It  will  say  ‘this  is  who  has  access  to  the 
transaction,  this  is  how  they  get  it,  this  is  what  autho¬ 
rization  value  gives  it  to  them.’That  saves  me  just  count¬ 
less  hours  of  research.” 

SAP  doesn’t  provide  that  kind  of  reporting  natively. 
The  information  is  out  there,  but  it’s  not  easy  to  corre¬ 
late,  Homs  says.  Approva  does  the  correlation  automat¬ 
ically,  which  justifies  the  investment  in  the  software, 
Homs  says.  But  putting  an  exact  number  on  the  return 
is  difficult.  He  estimates  by  automating  a  lot  of  func¬ 
tions  with  BizRights  —  such  as  user  provisioning,  com¬ 
pliance  monitoring  and  workflow  —  McAfee  avoids 
having  to  retain  about  one-half  of  a  staff  member. 

“Just  the  ability  to  make  sure  previous  issues  don’t 
creep  back  into  systems  is  really  important  because 
then  we  don’t  have  to  refix  things,”  Homs  says. “There’s 
definitely  a  return  on  investment.” 

Financial  services  firm  Harris  also  has  found  an  ROI 


with  its  purchase  of  software  from  LogicalApps. 

Darlene  Mac  Cormac  knew  segregation  of  duties  was 
an  area  she’d  have  to  address.  Mac  Cormac  is  vice  pres¬ 
ident  of  procurement  and  strategic  sourcing  at  Harris 
in  Chicago,  which  is  part  of  the  publicly  traded  BMO 
Financial  Group. 

The  companies’  existing  review  process  was  manual 
and  incredibly  time  consuming.  With  all  the  steps 
required,  it  took  Harris  about  two  months  to  go  through 
its  annual  segregation-of-duties  review,  Mac  Cormac 
says. “It  was  just  a  waste  of  senior  people’s  time.” 

A  few  months  ago,  Harris  went  live  with  LogicalApps’ 
software,  which  embeds  controls  for  enforcing  regula¬ 
tory  mandates  and  business  policies  within  the  firm’s 
Oracle  ERP  applications.  The  controls  help  manage 
user  access  privileges,  for  example,  while  dashboards 
and  reporting  features  alert  managers  to  potential  red 
flags.  “Now  when  we  do  these  audits  we’re  not  doing 
them  manually,  once  a  year,  for  at  a  point  in  time,”  Mac 
Cormac  says. 

In  addition,  Harris  has  been  able  to  close  hidden  gaps 
before  they  were  exploited. “No  matter  how  thorough  a 
job  we  thought  we  were  doing,  we  knew  we  weren’t 
catching  everything,  and  that  was  blatant  the  first  time 
we  ran  the  LogicalApps  tool  sets,”  Mac  Cormac  says. 
“When  they  came  out  with  the  reports,  I  was  floored  at 
some  of  things  that  people  could  do.  We’d  just  never 
realized  because  we’d  never  dug  that  deep.” 

One  big  payoff  is  in  manual  time  saved.  “It  paid  for 
itself  in  the  reduction  in  time  for  doing  our  regular  rou¬ 
tine  audits,”  Mac  Cormac  says.  In  addition,  the  software’s 
configurability  has  helped  conserve  development 
resources.  “So  any  monies  that  we  would  have  spent 
customizing  the  Oracle  applications,  or  the  Oracle 
forms,  to  do  some  of  the  things  we  wanted,  we’re  able 
to  do  it  with  these  tools.” 

Look  on  the  bright  side 

SOX  compliance  undeniably  has  created  a  lot  of 
work  for  companies.  But  in  the  three-plus  years  since  it 
was  signed  into  law,  there  are  plenty  of  examples 
where  SOX  has  had  a  positive  affect  on  the  accuracy 
and  security  of  companies’  financial  reporting 
processes. 

Micros  has  used  its  SOX  efforts  to  streamline  compa¬ 
ny  processes.  The  scrutiny  SOX  puts  on  internal 
processes  affords  an  opportunity. to  spot  inefficien¬ 
cies  in  business  processes  and  make  recommenda¬ 
tions  for  improving  those  processes,  Micros’  Requena 
says.  “We’ve  made  quite  a  few  effective  recommenda¬ 
tions.” 

Another  potential  bonus  for  SOX-governed  compa¬ 
nies  is  the  opportunity  to  find  money  to  do  projects 
that  have  been  on  IT  wish  lists  for  some  time.  The  bud¬ 
get  for  SOX  in  many  companies  is  unlimited,  McAfee’s 
Homs  says.  “Whatever  it  takes,  make  it  happen.  I  never 
saw  that  in  all  of  my  career  for  anything,”  he  says.  ■ 


nww.com 

Tips  and  tools 

Check  out  NetworkWorld.com  for  more  stories  about  how  companies  like 
Bidz.com,  Blue  Rhino,  Congoleum  and  Qualcomm  are  tackling  SOX. 
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E-MAIL  NEWSLETTER  SHOWCASE:  Branch  office  best  practices 

Is  it  time  for  a  chief  branch  office  architect? 


BY  ROBIN  GAREISS 

If  you  talk  to  100  companies, 
you’ll  hear  100  different  organiza¬ 
tional  structures  for  their  IT  depart¬ 
ments.  I  have  concluded  that  orga¬ 
nizations  need  someone  creating 
and  coordinating  technology  strat¬ 
egy  for  the  branch  office. 

This  hasn’t  been  standard  prac¬ 
tice  at  many  companies.  After  all, 
the  branch  office  isn’t  a  broad 
technology  area,  such  as  network, 
applications, security  or  infrastruc¬ 
ture.  It’s  certainly  not  a  sub-tech¬ 
nology  area,  such  as  VoIR  MPLS, 
operating  systems  or  CRM.  In 
those  cases,  an  individual  or  staff 
creates  strategy  and  buys  and 
maintains  products. 

But  it’s  becoming  imperative  for 
an  individual  or  a  staff  to  possess  a 
high-level,  strategic  view  of  the 
branch  office  infrastructure  to  pro¬ 
vide  a  consistent,  predictable  ex¬ 
perience  for  remote  employees. 

For  now,  branch  office  decision¬ 
makers  fall  into  one  of  the  follow¬ 
ing  categories: 

•  Central  IT/networking/tele- 
com  staff.  Staff  member  makes 
branch  office  decisions  based  on 
his  technology  responsibility 

•  Distributed  staff.  Branch  deci¬ 
sions  are  made  based  on  individ¬ 
ual’s  location. 

•  Outsourced.Third  party  makes 
all  product  and  service  decisions 
for  the  branch. 

•  Single  person/staff  tasked  with 
branch  office  responsibility 

An  individual  or  staff  makes 
companywide  decisions  for  all 
branch  office  products.  This  posi¬ 
tion  is  very  rare. 

In  these  scenarios,  except  a  sin¬ 
gle  person/staff, developing  a  con¬ 
sistent  architecture  for  all  branch 
offices  is  difficult  because  no  one 
has  a  holistic  view  of  the  branch 
office  infrastructure,  and  no  one  is 
setting  a  comprehensive  strategy 

For  example,  the  applications 
team  may  decide  to  buy  applica¬ 
tion  acceleration  products  for 
some  branch  offices,  while  at  the 
same  time,  the  infrastructure  team 
is  evaluating  similar  functionality 
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wrapped  in  a  services  gateway  or 
WAN  optimization  device.  Mean¬ 
while,  a  business-unit  leader  may 
approve  the  addition  of  hosted 
VoIP  for  his  work-at-home  sales 
reps,  while  the  director  of  telecom 


negotiates  a  deal  with  a  different 
service  provider. 

Even  with  the  best  efforts,  com¬ 
munications  falls  apart.  To  ensure 
a  consistent  experience  for  all 
branch  employees,  firms  should 


assign  branch  office  decision 
making  to  one  person  or  one  staff. 

That  individual  or  team  would 
work  with  the  experts  in  each 
technology  area,  allowing  the 
branch  office  infrastructure  to  be 


more  consistent. 

Gareiss  is  executive  vice  presi¬ 
dent  and  senior  founding  partner 
for  Nemertes  Research.  She  can  be 
reached  at  robin@nemertes.com. 


The  original  Wi-Jack™  set  the  standard  as  the  stylish, 
high-performance  wireless  access  point  that  blends 
smoothly  into  any  office  decor.  The  new  Wi-Jack 
raises  the  bar  by  disappearing  into  the  decor. 

While  it's  hard  to  find,  it  easily  integrates  into  the 
structured  cabling  system.  The  new  Wi-Jack  will  be 
unveiled  at  Interop  Las  Vegas.  In  the  meantime,  visit 
www.ortronics.com/newwi-jack  for  more  information 
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Ruckus  delivers  wireless 
multimedia  performance 


BY  CRAIG  MATHIAS 


Multimedia  (voice  and  video)  is  the  next  big  thing  to  travel  over  a  wireless 
LAN.  While  products  designed  specifically  for  multimedia  traffic  are  geared 
mostly  to  the  residential  market,  it’s  clear  that  improving  video  quality  over 


Pros:  Great  performance,  easy  to  configure. 
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a  WLAN  link  will  also  interest  businesses. 


Enter  the  Ruckus  Wireless  Multimedia  System  from 
Ruckus  Wireless,  which  includes  the  company’s  MF2900 
Multimedia  Access  Point  and  the  MF2501  Multimedia 
Adapter.  Ruckus  says  its  equipment  gets  multimedia  con¬ 
tent  from  one  fixed  location  in  a  residence  to  another 
(such  as  a  home  theater  system)  with  absolute  video  and 
audio  fidelity. 

Ruckus  uses  a  six-element  digital  beam-forming  tech¬ 
nique  it  calls  BeamFlex  —  akin  to  multiple-input/multi¬ 
ple-output  (MIMO)  technology  —  that  lets  its  products 
select  a  combination  of  transmitting  and  receiving  anten¬ 
nae  that  remains  optimal  because  it  changes  as  the  radio 
environment  changes  (because  of  other  radio  frequency 
traffic  or  as  people  move  around  near  their  equipment). 
Ruckus  also  embeds  firmware  called  SmartCast,  which 
provides  “advanced  packet  inspection,  handling  queuing 
and  scheduling”  for  optimal  performance. 

The  system  we  compared  against  Ruckus  combined  a 
Linksys  router  and  PCI  card. Setting  up  the  two  systems  via 
a  browser  was  easy;  we  changed  RF  channels  and  IP 


We  tested  the  Ruckus  system  in  our  wireless 
media  facility,  a  combination  entertainment 
and  work  environment  that  is  completely  wire¬ 
less,  except  for  the  AC  power  coming  into  the  room. We 
chose  a  subjective  test  (perceived  video  quality)  and 
an  objective  test  (measured  throughput)  to  get  a  com¬ 
plete  picture  of  the  Ruckus  system’s  capabilities.  We 
compared  Ruckus  with  another  popular  multiple- 
input/multiple-output  (MlMO)-based  wireless  LAN  sys¬ 
tem  that  uses  a  Linksys  WRT54GX  router  (used  only  as 
an  access  point  in  our  test)  and  a  Linksys  WMP54GX 
SRX  PCI  adapter.  Our  test  geometry  involved  a  linear 
distance  of  only  about  15  feet,  but  it  did  go  straight  up 
through  two  floors  and  assorted  wooden  furniture. 

The  access  points  and  a  Dell  4 150  server  connected  to 
a  Linksys  FXXS  16W  switch. The  Dell  server  was  used  to 
host  the  freeware  VLC  streaming-video  client  and  server 
(available  at  www.videolan.org/),  which  we  used  to  test 


addresses  but  left  all  other  parameters 
at  their  defaults.  Wireless  Protected 
Access  with  Pre-Shared  Keys  (WPA- 
PSK)  security  the  minimum  we’d  sug¬ 
gest  for  a  corporate  environment,  was 
used  on  both  system  setups.  We  noted 
that  the  Ruckus  client  attached  via  an 
RM5s  Ethernet  port.  We  don’t  believe 
the  differences  in  the  systems  affected 
our  results,  because  network  traffic 
was  moving  at  well  below  the  peak 
speeds  of  both  interfaces. 

In  our  performance  tests  (see  “How 
we  did  it”),  the  Linksys  system  turned 
in  a  consistent  speed  of  16.3  Mbps  for  three  test  runs, 
while  the  Ruckus  system  produced  speeds  of  16.5M, 
17. 1M  and  13Mbps.  We  assumed  from  these  results  — 
given  our  particular  workload,  the  geometric  relationship 
of  the  nodes  and  the  environment  —  that  the  two  sys¬ 
tems  would  yield  similar  results  with  typical  network-ori- 


video  and  audio  on  both  systems.  We  used  the  free  Iperf 
benchmark  (http://dast.nlanr.net/Projects/lperf/),  also 
installed  on  the  Dell  Server,  for  the  raw  throughput  tests. 
Throughput  was  tested  by  running  an  Iperf  test  for  two 
minutes  three  times.We  tested  TCP  performance, and  left 
all  parameters  at  their  default  settings  —  other  than  the 
length  of  the  test.  The  wireless  client  adapters  were 
attached  to  a  Dell  4500  PC  connected  to  a  projector.  A 
DVD  in  the  server  streamed  wirelessly  across  the  net¬ 
work  to  the  client  PC,  and  we  tested  subjective  video 
quality,  looking  for  dropouts,  latency  and  other  artifacts. 

While  we  normally  test  wireless  clients  using  turn¬ 
tables  (to  minimize  the  possibility  of  dead  spots), there 
was  no  need  for  this,  because  the  system  continually 
tunes  itself  for  the  best  antenna  combination  (see 
www.nwdocfinder.com/2722  for  a  previous  MIMO  test 
we  ran).  LEDs  on  top  of  each  unit  lit  up  as  the  trans¬ 
mission  pattern  continually  changed  and  adapted. 


ented  applications. 

Ruckus  cautioned  us  that  its  prod¬ 
ucts  are  designed  for  multimedia,  not 
for  traditional  networking,  so  we  went 
a  step  further  and  ran  a  subjective 
evaluation  of  video  quality  and  per¬ 
formance.  Here  the  Ruckus  equip¬ 
ment  was  uniformly  excellent;  we 
noticed  no  dropouts,  glitches  or  other 
errors  of  any  form,  video  or  audio  that 
might  have  detracted  from  our  view¬ 
ing  experience.  We  watched  a  clip 
ripped  from  a  DVD  for  3.5  minutes 
and  quickly  forgot  that  we  were  test¬ 
ing  a  network.  It  was  that  good.  But  we 
got  identical  results  from  the  Linksys 
system  —  flawless  video  and  audio. 

It’s  quite  clear  that  short-range,  broadband  distribution 
of  wireless  is  going  to  be  a  huge  market  —  big-screen  tele¬ 
visions  are  seldom  near  the  cable  or  satellite  drop. 
Regardless,  networked  home  media  implies  a  degree  of 
mobility  and  convenience  unavailable  with  traditional 
TVs  and  the  tyranny  of  the  set-top  box, hence  the  need  for 
wireless. 

We  would  like  to  see  Ruckus  replace  the  RJ-45s  port 
with  component  video  connectors  (and  ideally,  five-chan¬ 
nel  audio  or  even  a  High-Definition  Multimedia  Interface 
connector)  to  create  a  true  media  product. The  one  con¬ 
sumer-grade  video-link  product  on  the  market,  Belkin’s 
55000,  doesn’t  use  MIMO  or  another  multiantenna  tech¬ 
nique,  resulting  often  in  suboptimal  range  and  video  qual¬ 
ity.  High-definition  TV  (and  the  bandwidth  it  demands)  is 
clearly  the  future,  and  we  expect  to  see  a  broad  range  of 
video  links  based  on  Wi-Fi,  ultrawideband  radio,  and  even, 
in  a  couple  of  years,  technologies  such  as  60GHz  millime¬ 
ter  waves. 

Ruckus  is  aiming  its  products  at  service  providers,  so 
don’t  look  for  it  on  store  shelves. We’d  love  to  see  it  there, 
because  it  makes  a  great  wireless  bridge  (perfect  in  enter¬ 
prise  environments  for  computers  or  other  equipment 
that  have  only  an  Ethernet  port), even  if  video  isn’t  on  the 
menu.  However,  you’ll  be  hearing  a  lot  more  about 
Ruckus,  especially  as  IP  TV  services  begin  to  take  hold. 

Mathias  is  principal  at  the  Farpoint  Group,  a  wireless  con 
sultancy.  He  can  be  reached  at  craig@farpointgroup.com. 


How  we  did  it 


wm 


The  MF2900  combines  smart  antennae 
and  traffic  management  to  provide 
better  multimedia  quality. 
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E-MAIL  NEWSLETTER  SHOWCASE:  New  data  center  strategies 

Access  control  still  in  a  standards  disarray 


BY  ANDREAS  ANTONOPOULOS 

De-perimeterization  describes 
the  erosion  of  traditional  perime¬ 
ters.  Our  research  indicates  that 
most  companies  are  retrenching 
and  redeploying  their  perimeter 
around  applications  and  data  re¬ 
siding  in  the  data  center. 

This  new  perimeter  focuses 
security  controls  at  the  point  of 
access  to  the  data  center.  The 
perimeter-of-one  strategy  layers 
firewalls,  intrusion-prevention  sys¬ 
tems  and  anti-malware  around 
every  desktop,  laptop  and  hand¬ 
held  computer.  Security  policies 
then  connect  the  two  perimeters 
with  an  access-control  policy  that 
checks  every  endpoint. 

The  problem  is  endpoint  access 
control  is  dominated  by  propri¬ 
etary  and  non-compatible  solu¬ 
tions  by  Microsoft  and  Cisco.  But 
things  may  be  about  to  change. 

Ciscos  Network  Admission  Con¬ 
trol  (NAC)  and  Microsoft’s  Net¬ 
work  Access  Protection  (NAP)  are 
the  two  most  commonly  cited 
approaches  for  controlling  end¬ 
point  access.The  two  approaches 
are  still  not  compatible,  almost 
two  years  after  their  introduction. 

Both  vendors  seem  intent  on 
continuing  down  diverging  paths 
despite  the  market  demand  for 
broadly  interoperable  products. 

Cisco  and  Microsoft  are  taking 
different  approaches  to  endpoint 
control.  One  approach  seems  to 
emphasize  the  network,  while  the 
other  emphasizes  the  endpoint. 

But  NAP  and  NAC  are  not  the 
end  of  the  story  An  industry  stan¬ 
dards  body,  the  Trusted  Compu¬ 
ting  Group,  has  worked  with  many 
vendors  to  develop  a  common  ar¬ 
chitecture  and  interface  specifica¬ 
tion  for  endpoint  verification  and 
access  control. 

The  Trusted  Network  Connect 
(TNC)  working  group  has  pub¬ 
lished  specifications,  and  many 
vendors  are  building  standards 
based  endpoint  access  control. 
The  TNC  standard  is  open  and 
balanced  between  the  network 
and  the  endpoint. 


In  your  in-box 

Sign  up  for  this  or  any  of  Network 
World's  many  other  e-mail  newsletters. 

www.nwdocfinder.com/1002 


TNC  is  also  modular,  allowing 
multiple  policy  engines  to  check 
different  aspects  of  compliance. 
While  the  focus  has  been  on  anti¬ 
malware  and  operating  system 
patches,  there  is  no  limit  to  the 


types  of  checks  that  can  be  imple¬ 
mented  in  TNC. 

The  TNC  is  a  working  group  and 
a  standard. The  first  TNC  products 
are  compatible  with  NAP  and 
NAC,  creating  a  bridge  from  those 


approaches  to  open  standards. 

EndForce,  Nortel,  Juniper,  HP 
Symantec,  Meetinghouse,  Nevis 
and  Consentry  have  announced 
products  or  are  in  the  working 
group  and  developing  products 


around  TNC. 

Antonopoulos  is  principal 
research  analyst  at  Nemertes 
Research.  He  can  be  reached  at 
andreas@nemertes.  com. 


N-TRON  gives 
you  more  ways 
to  monitor  your 
Industrial 
Ethernet 
network 


Introducing  N-TRON’s  9000  Series  GbE 
Industrial  Switch  with  Advanced  Monitoring 
to  bridge  the  gap  between  IT  and  the  Factory 

N-TRON®  manufactures  a  unique  product  that 
bridges  the  domain  between  IT  and  the  Factory 
as  far  as  network  monitoring  software  needs  are 
concerned.  Our  9000  Series  provides  plug-and- 
play  SNMP  and  Web  Browser  monitoring  for  IT, 
and  fully  compliant  OPC/HMI  monitoring  for  the 
Factory,  all  in  a  ruggedized  steel  enclosure  that  is 
capable  of  withstanding  rigorous  environmental 
conditions. 


•  Hardened  Environmental  Specifications 

•  Extended  Temperature,  Shock, 
Vibration,  and  High  Noise  Protection 

•  High  MTBF  >1M  Hours 

•  Redundant  Power  Inputs 

•  High  Availability 

•  Plug-and-Play  Advanced  Monitoring 

•  Full  SNMP  and  Web  Browsing  for  IT 

•  Full  OPC  Compliance  for  the  Factory 

•  Four  Slot  Mix  and  Match  Modular  Switch 

•  Six  Port  10/IOOBaseTX  Modules 

•  Two  or  Four  Port  100BaseFX  Modules 

•  Two  Optional  Gigabit  Fiber  Ports 


*  Standard  Managed  Switch  Features 
•  IGMP,  Link  Aggregation,  Port  Control, 
Port  Mirroring,  IEEE  802.1  D, 

802.1  p  QoS,  802.3,  802.3u,  802.3x, 
802. 1w  RSTP,  802. IQ  VLAN,  SNMP, 
and  Web  Browsing 


N-iron 

THE  INDUSTRIAL  NETWORK  COMPANY  < 


Visit  us  on  the  web  @  www.n-tron.com  or  call  (251)  342-2164 
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MILAN  s  MIL-SM80I  series  of 
layer  2  managed  switches 
provides  high 


performance  non-blocking 
switching. 


The  ShAir  AccessG  Pro 
AP/Bridge:  MILAN’S  new 
cost-effective,  enterprise-class 
wireless  access  point. 


The  MIL-SM240I M  Series  is 
MILANs  most  powerful,  flexible 
line  of  Layer  2  management 
switches. 


■ 


WITH! 


MORE 


SIMPLY 


MILAN  makes  switching  and  wireless  technology  accessible  to 
even  more  applications,  more  needs,  and  more  importantly,  more 
people. Transition  Networks,  the  industry  leader  in  product 
quality,  availability  and  support,  now  offers  MILAN  switching  and 
wireless  products  as  a  way  for  small  businesses  to  simply 
connect  the  devices  they  need. 


MILAN  BY 

TRANSITION 

NETWORKS 


MILAN  brings  more  within  your  reach,  with  less  of  what  you 

don’t  need. 


www.milan.com  800  -526  ~  9267 


4.10.06  •  www.networkworld.com  •  55 


MANAGEMEHT  STRATEGIES 

CAREER  DEVELOPMENT  ■  PROJECT  MANAGEMENT  ■  BUSINESS  JUSTIFICATION 

Hot  IT  jobs 

Employers  look  for  well-rounded  tech  talent  with  application  development  and 
infrastructure  skills,  vertical  experience. 


BY  DENISE  PAPPALARDO 

If  you’re  thinking  about  mapping  out  your  next  career 
step,  here  are  some  of  this  year’s  hottest  job  skills.  One 
big  trend  that’s  affecting  certified  and  non-certified 
positions  is  that  many  large  companies  are  getting  to  new 
technology  deployments  that  they  had  put  on  the  back 
burner  as  they  focused  on  complying  with  rules  stemming 
from  legislation  such  as  the  Health  Insurance  Portability 
and  Accountability  Act  and  the  Sarbanes-Oxley  Act. 


Now  IT  departments  are  focusing  more 
of  their  energy  and  money  on  creating 
new  products  and  services,  says  David 
Foote,  president  and  chief  research  officer 
at  Foote  Partners,  an  IT  workforce 
research  firm.  This  has  created  a  backlog 
of  projects  that  IT  departments  have  to 
complete. 

That's  one  reason  some  hot  IT  jobs  in¬ 
clude  application  development,  Foote  says. 
According  to  his  firm’s  research,  deploy¬ 
ments  need  employees  with  customer-fac¬ 
ing  skills  that  support  new  products,  ser¬ 
vices  and  customer-support  systems;  infra¬ 
structure  skills  in  networking,  wireless  and 
security;  and  enabling  skills  in  project  plan¬ 
ning,  management  and  open  source  (see 
graphic). 

One  company,  NPC  International,  the 
largest  Pizza  Hut  franchisee  in  the  United 
States,  echoes  Footes  findings:  Applica¬ 
tion  development  and  infrastructure  skills 
are  at  the  top  of  its  list  of  in-demand  pro¬ 
ficiencies. 

“We  have  been  converting  most  of  our 
application  development  to  Visual  Studio; 
now,  with  approximately  70%  of  our  devel¬ 
opment  in  this  environment,  we  have  an 
ever-growing  need  for  [Visual  Studio] 
developers," says  Mike  Woods, CIO  at  NPC  in 
Pittsburg,  Kan. 

Two  other  important  areas  of  expertise 
are  “problem-solving  skills,  such  as  second- 
and  third-level  support,  and  network  engi- 
neering,”Woods  says.“We’re  interested  in  IT 
staff  who  have  network  engineering  skills 


beyond  a  knowledge  of  routing  tables,”  he 
says. 

Because  these  skills  are  technical,  Foote 
says,  employers  are  putting  more  effort 
into  retaining  employees  who  have  them. 
Employers  who  haven’t  thought  about 
retention  programs  may  be  suffering  the 
loss  of  some  top  staff  after  other  compa¬ 
nies  recruit  them. 

Retention  is  at  the  forefront  for  Woods  as 
he  scopes  out  the  market  for  employees. 
He  points  out  that  his  location  is  chal¬ 
lenging  as  well. “It’s  not  that  there  aren’t  a 
lot  of  people  with  the  skills  needed.  It’s 
getting  people  to  relocate  from  urban 
markets  and  then  stay  he  says.  NPC  is  90 
minutes  outside  Kansas  City“Longevity,for 
some,  is  staying  at  one  job  for  18  to  24 
months.  Most  of  our  people  have  been 
here  three  to  five  years.” 

Not  only  are  folks  finally  getting  to  pro¬ 
jects  that  had  been  put  off,  but  they’re  also 
thinking  about  their  businesses  differently 
says  Paul  Groce,  partner  and  head  of  the 
CIO  practice  at  executive  search  firm 
Christian  &  Timbers.  “For  years  Microsoft 
was  the  company  that  other  corporations 
aspired  to  be  like. Today  companies  aspire 
to  be  like  Google,”  he  says. 

“We’re  in  the  return  of  the  Web,  and 
that’s  driving  IT  Groce  says.  One  example 
is  the  migration  of  the  call  center  to  con¬ 
tact  center,  he  says.  If  you’re  an  expert  in 
managing  a  call  center,  you  probably  al¬ 
ready  have  started  thinking  about  new 
training  to  prolong  your  career.  If  you’re  a 


project  manager  who  can  deal  with  the 
complexities  of  mapping  out  the  migra¬ 
tion  to  a  contact  center,  often  based  on 
VolPyou’re  in  a  better  position. 

Cost-cutting  skills  and  regulatory-compli¬ 
ance  expertise  are  less  desirable  this  year 
than  last,  according  to  Foote  Partners’  re¬ 
search.  It’s  not  that  employers  don’t  care 
about  reducing  expenses,  but  other  skills  — 
improving  project-management  disciplines 
and  workforce  productivity,  for  example  — 
are  more  important.  One  could  even  argue 
that  those  two  skills  are,  in  effect,  cost-cut- 
ting  measures  that  allow  you  to  get  more 
with  what  you  already  have. 

Experts  also  agree  that  employers  are 
hot  on  vertical  experience.  It’s  no  longer 
enough  to  be  a  technical  expert.  “Ex¬ 
perience  in  vertical  industries  with  specif¬ 
ic  technologies”  is  in  demand,  Foote  says. 
If  you  have  experience  in  finance,  you 
might  have  more  job  choices,  Groce  says. 
IT  staffers  are  sought  after  whose  back¬ 
grounds  are  in  private  banking,  finance 
and  retirement  services.  “The  American 
consumer  is  wealthier  than  10  years  ago, 
and  as  baby  boomers  move  into  retire¬ 
ment  there  is  the  need  for  more  sophisti¬ 
cated  tools  to  support  these  consumers,” 
he  says. 

The  demand  for  storage-area  network 
(SAN)  skills  also  is  increasing,  Groce  says: 
“Folks  that  were  dealing  with  1TB  of  infor¬ 
mation  are  now  moving  4,  8,  20  or  30  TB. 
There  is  the  need  to  bring  in  technologists 
experienced  in  providing  scalable  solu¬ 
tions  that  provide  full  utilization  of  mining 
and  leveraging  of  that  data.” 

Foote  also  cites  SAN  skills  and  man¬ 
agement  as  being  in  demand  this  year. 
He  points  out  that  last  year  SAN  experts 
were  making  about  8.3%  more  than  the 
previous  year.  ■ 


nww.com 

Hot  or  not 

Find  out  which  skills  moved  up  the  desirability  list 
this  year  and  which  ones  dropped  in  ranking. 

www.mrteriBder.cw/2921 


Handsome  rewards 

Salary  alone  isn't  the  judge  of  a  hot 
skill,  but  here  are  10  skills  associated 
with  the  biggest  wage  increases  in 
the  last  six  months. 

Top  five  skill  certifications: 

Check  Point  Certified  Security  Administrator  33.3% 

CompTIA  Linux  (Linux-*-) 

16.7% 

Microsoft  Certified  Applications  Developer 

14.3% 

Sun  Certified  Programmer  for  Java  2  Platform  14.3% 

Check  Point  Certified  Security  Expert 

12.5% 

Top  five  noncertified  skills: 

Java  2  platform 

28.6% 

RFID 

22.2% 

Visual  J++ 

14.3% 

Microsoft.Net 

11.1% 

Storage-area  networks 

8.3% 

Skilled  labor 

Foote  Partners  forecasts  these  IT 
skills  will  be  in  demand  this  year. 

Customerfacing: 

•  Applications  development/databases 

•  Rapid  application  development/Extreme 
programming 

•  Web -enabled  analytics,  management  apps 

•  RFID/location-aware  services 


infrastructure: 

•  Networking 

•  Web  services 

•  Wireless 

•  Storage/SAN 

•  Security 

•  Messaging 

•  Systems 

Enabling: 

•  Project  planning,  budgeting,  scheduling, 
management,  leadership 

•  Business  process  design,  reengineering 

•  Open  source/Linux 

SOURCE:  FOOTE  PARTNERS 
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Don't  Let  High-Density 
Put  You  Into  the  Hot  Seat.. 

APC's  Air  Remova!  Unit  VX  helps  you  keep  your  cool 

Value  heat  removal  for  high  density  equipment  in  NetShelter®  VX  enclosures. 
In  a  traditional  data  center  where  the  overall  average  cooling  capacity  is 
adequate  but  hot  spots  have  been  created  by  the  deployment  of  high  density 
servers,  cooling  loads  within  racks  can  be  improved  by  the  retrofitting  of  fan- 
assisted  devices  such  as  the  Rack  Air  Removal  Unit  VX.  Hot  exhaust  air  that 
would  normally  be  expelled  into  the  data  center  is  gathered  and  propelled 
upwards,  where  it  is  ducted  directly  to  the  return  air  plenum.  This  prevents 
server  exhaust  air  from  recirculating  to  the  front  rack  and  improves  Computer 
Room  Air  Conditioner  efficiency  and  capacity. 


•  Dual  A-B  power  inputs 

•  Ducted  Exhaust  System  (optional) 

•  Power  or  Temperature  Controlled  Fans 

•  3  fans  for  redundancy 


•  Zero  "U"  Solution 

•  Supports  up  to  7.5kW  per  rack 

•  Compatible  with  APC  NetShelter®  VX 
enclosures  only 


Designed  for  NetShelter®  VX  users,  the  APC  Rack  Air  Removal 
Unit  VX,  which  fits  on  19"  racks,  gathers  and  propells  exhaust 
air  that  would  normally  be  expelled  into  the  data  center, 
upwards  where  it  is  ducted  directly  to  the  return  air  plenum. 


APC  Rack  Air  Removal  Unit  VX  is  available  at  a  new  lower  price  (up  to  35%  off).  Upgrade  your  APC  NetShelter®  VX  now  to  support 
high  density  server  installations.  If  you're  buying  new  NetShelter®  SX  racks,  see  our  solutions  at  www.apc.com. 


Price  is  a  limited  time  offer,  BUY  NOW! 

Also  enter  to  WIN  a  FREE  APC  Rack  Air  Removal  Unit  today. 

Visit  http://promo.apc.com  Key  Code  j798x  •  Call  888-289-APCC  x6842  •  Fax  401-788-2797 

©2006  American  Power  Conversion  Corporation.  All  Trademarks  are  the  property  of  their  owners.  E-mail:  esupport@apcc.com  •  1 32  Fairgrounds  Road,  West  Kingston,  Rl  02892  USA  NA1 A5EP-US 


Legendary  Reliability® 


SERVERS  WITHIN  YOUR  REACH 
FROM  ANYWHERE 


LOCAL  OR  REMOTE  SERVER 


SOLUTIONS 


UftraMatrix™ 

Remote 


KVM  OVER  IP 


MATRIX  KVM  SWITCH  WITH 
INTEGRATED  REMOTE  ACCESS  OVER  IP 


System-wide  connectivity  over  IP  worldwide  and  locally 
Connects  1,000  computers  to  up  to  256  user  stations 
Supports  PC,  Sun,  Apple,  USB,  UNIX,  serial  devices 
High  quality  video  up  to  1280  x  1024 
Secure  encrypted  operation 

View  real-time  video  from  4  computer  connections  with 
quad-screen  mode 


UltraMatrix™ 

E-series 

KVM  SWITCH 


if, 


PROFESSIONAL  MULTI-USER  KVM  SWITCH 
2  -  4  KVM  STATIONS  TO  1,000s  OF  COMPUTERS 


PC  or  multi-platform  (  PC/Unix,  Sun,  Apple,  others) 

On-screen  menu  informs  you  of  connection  status  between  units 

in  an  expanded  system 

Powerful,  expandable,  low  cost 

No  need  to  power  down  most  servers  to  install 

Security  features  prevent  unauthorized  access 

Free  lifetime  upgrade  of  firmware 

Video  resolution  up  to  1600  x  1280 

Available  in  several  models 

Easy  to  expand 


The  UltraMatrix  Remote  represents  the  next  generation  in  KVM  switches  with  IP  access.  It 
provides  a  comprehensive  solution  for  remote  server  access  over  IP  and  local  as  well. 


■  KVM  RACK  DRAWERS  WITH  KVM  SWITCH  OPTION 

~  RackVieWs  offer  the  latest,  most  efficient  way  to  organize  and  streamline  your 
servg'f  robftvs  and  multiple  computers. 


The  UltraMatrix  E-Series  represents  the  latest  in  KVM  matrix  switch  technology,  at  an 
affordable  price.  The  E-Series  allows  you  to  connect  up  to  256  user  stations  to  as  many  as 
1,000  computers.  The  UltraMatrix  E-Series  is  available  in  several  sizes:  2x4,  2x8,  2x16, 
4x4,  4x8,  4x16,  1x8,  and  1x16  in  either  PC  or  multi-  platform. 


The  RackVifew  is  a  rack  mountable  KVM  console  neatly  fitted  in  a  compact  pull-out 
drawer.  This  easy-glide  KVM  drawer  contains  a  high-resolution  TFT/LCD  monitor,  a 
tactile  key Bp'ard,  and  a  high-resolution  touchpad  or  optical  mouse. 
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XtendVue 

Vertical  Rack  mountable  LCD 
With  Built-in  KVM  Extender 


RackView 

Fold-Forward 


RackView 

Fold-Back 


RackView 
LCD  Monitor 


RackView 

Keyboard 


800-333-9343 

WWW.ROSE.COM 


# 


ELECTRONICS 


ROSE  US 
HOSE  EUROPE 
ROSE  ASIA 
ROSE  AUSTRALIA 


281  933  7673 
+  44  (0)  1264  850574 
+65  6324  2322 
+617  3388  1540 


Hitting  a  wall  with  your  current  sniffer? 


Break  through  with  Observer  1 1 .  Now  with  enterprise  strength  VoIP  analysis.  New  features  include  an  enhanced 
VoIP  Expert,  Quality  Scoring,  Call  Detail  Records,  MultiHop  Analysis,  and  64-bit  Windows  support.  It's  time  to  reset  your  analyzer. 


INSTRUMENTS 


Wired  to  wireless .  LAN  to  WAN.  One  network  -  complete  control. 

US  &  Canada  UK  &  Europe 

toll  free  800.526.5958  +44  (0)  1 959  569880 

www.networkinstruments.com/analyze 


tdVo\Ps 


enhanced  VoIP  support 

~ 


OBSERVER' 


dtSearch 


“Bottom  line:  dtSearch  manages  a  terabyte  of  text  in  a  single 
index  and  returns  results  in  less  than  a  second”  —  Inf  eWorld 


For  hundreds  more  reviews  and  developer 
case  studies,  see  www.dtsearch.com 


Contact  dtSearch  for  fully-functional 
evaluations 


♦  over  two  dozen  indexed,  unindexed,  fielded  data 
and  full-text  search  options 


♦  highlights  hits  in  HTML,  XML  and  PDF,  while 
displaying  links,  formatting  and  | 


images 


♦  converts  other  file  types  (word  processor,  database, 
spreadsheet,  email  &  attachments,  ZIP,  Unicode, 
etc.)  to  HTML  for  display  with  highlighted  hits 

♦  Spider  supports  static  and  dynamic  Web  content, 
with  WYSWYG  hit-highlighting 

♦  optional  API  for  C++,  .NET,  Java,  SQL,  etc. 

Ask  about  new  .NET  Spider  API 


l. 


Developer  Quotes  and  Reviews 


dtSearch  vs.  the 
competition: 
“dtSearch  easily 
overpowered  the 
document  indexing 
and  searching 
abilities  of  other 
solutions, 
especially  against 
large  volumes  of 
documents” 

Reliability: 
“dtSearch  got  the 
highest  marks 
from  our  systems 
engineering  folks 
that  I've  ever 
heard  of” 

Results:  “customer 
response  has  been 
phenomenal” 


“The  most  powerful 
document  search  tool  on 
the  market” 

—  Wired  Magazine 

“dtSearch ...  leads  the 
market” 

—  Network  Computing 

“Blindingly  fast” 

—  Computer  Forensics: 
Incident  Response  Essentials 

“A  powerful  arsenal  of 
search  tools” 

—  The  New  York  Times 

“Super  fast,  super¬ 
reliable” 

—  The  Wall  Street  Journal 

“Covers  all  data  sources 
...  powerful  Web-based 
engines”—  eWEEK 

“Searches  at  blazing 
speeds” 

—  Computer  Reseller  News 


The  Smart  Choice  for  Text  Retrieval®  since  1991 


Test  Center 
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Terminal  server  vendors,  who  proclaim  that 
they  have  Secure  Out  Of  Band  products,  rely 
on  RADIUS,  TACACS+  and  other  in  band 
protocols  to  provide  security.  By  inference, 
they  imply  they  secure  out  of  band  access 
when,  in  fact,  they  offer  only  network  security, 
which  conflicts  with  out  of  band  access. 


A  true  Secure  Out  of  Band  Management 
solution  should  provide  strong  security  without 
reliance  upon  network  based  protocols. 


Full  NIST,  FIPS  140-2  certifications  • 


r-«  Hardware  encryption  over  dial-up 
and  network  connections 
p-#  RSA  certified  SecurlD  authentication 
without  a  network. 

Patented  central  management  of  all 
remote  devices 


Remote  Power  control 


Homologous  world-wide  approved  • 
internal  modems 


CDI  has  been  building  encryption  equipment  for  over  fifteen  years.  Our  customers  and  partners  include 
major  financial  institutions,  government  agencies,  major  telcos,  utilities,  and  the  United  States  military. 


Communication  Devices  Inc. 
www.outofbandmanagement.com 
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Ne^fSupp^rf 


Centrally  Discover,  Support  and 
Manage  your  Systems.  Anywhere. 


Do  you  know  where  your  oldest  computer  is?  Need  to  locate  and  upgrade  your 
Windows  98  systems?  Are  you  overpaying  on  unused  software  licenses?  Which 
employees  are  spending  the  most  time  surfing  the  web?  Find  out  fast  with 
NetSupport  DNA. 


Managing  your  company's  IT  assets  means  more  than  just  selection  and 
maintenance.  Reporting,  inventory,  deployment  and  forecasting  are  also  part  of  the 
job.  NetSupport  DNA  is  an  easy  to  use  IT  asset  management  solution  that  provides 
you  with  the  tools  you  need  to  get  to  know  your  network. 


Unlike  other  solutions,  NetSupport  DNA  does  not  require  certified  training  or  have  a 
complex  implementation  path.  It  offers  all  of  the  functionality  you'd  expect  from  an 
award  winning  asset  management  suite,  but  with  only  a  30  minute  implementation 
path. 


NetSupport  DNA  combines  powerful  hardware  and  software  inventory  with  software 
distribution,  application  and  internet  metering,  pc  remote  control,  enterprise 
reporting  and  a  web-based  help  desk  solution. 


What’s  on  your 

etwork? 


Find  out  with  NetSupport. 


Visit  www.netsupport-inc.com  and  download  a  full  trial  license  today. 
And  in  30  minutes  start  viewing  your  vital  Asset  Information. 


Sales: 1-888-665-0808 

www.netsupport-inc.com 
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TAP  Into  Your  Network 


Only  a  TAP  can  provide  a  complete  copy  of  data  from  full-duplex  links  at  line  rate  for 
monitoring  devices.  Without  a  TAP,  a  monitoring  device  may  be  fed  incomplete  and 
misleading  information-creating  false  positives  and  overlooking  network  problems 
that  actually  do  exist.  Visit  www.networkTAPs.com/visibility  today. 


Copper  nTAPs 

10/100 . $395 

10/100/1000 . ,$9#.....$795 


Copper  to  Optical 
Conversion  nTAPs 

SX  or  LX . $1,495 


r 


~\ 


Optical  nTAPs 

One-Channel . $39$  ....$295 

Two-Channel . $79tf  ....$575 

Three-Channel  .... $1^18$  ....$845 


To  learn  more  about  how  nTAPs  can  boost  your  network  visibility,  which  configuration  option 
is  best  for  you,  and  to  check  out  new  pricing  go  to  www.networkTAPs.com/visibility 
or  call  866-GET-nTAP  today.  Free  overnight  delivery.* 


R£  C€ 


•Free  overnight  delivery  on  all  U.S.  orders  over  $295  confirmed  before  12  p.m.  Central  Time. 
nTAP  and  all  associated  logos  are  trademarks  or  registered  trademarks  of  Network  Instruments,  LLC 
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info@recurrent.com 

EeCJftR^t 

3431  De  La  Cruz  Blvd,  Santa  Clara,  CA  95054 


For  the  latest  and  most 
in-depth  information  on 
network  IT  products  from 
these  companies  and  more, 

go  to  VENDOR  SOLUTIONS 

www.networkworld.com/vendorsoltftions 
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Installation,  Support 


|  RICKENBACKER 
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ph :  978.475.7200  fx:  978.428.620 
www.rickenbackercommunications.co 
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Benny  Czarny:  The  man  behind 
the  company  behind  the  security 
companies. 


OPSWAT 

continued  from  page  1 

security  software  brands  out 
there. 

Vendors  such  as  Cisco,  F5  Net¬ 
works,  Symantec  and  Juniper 
Networks  license  the  OPSWAT 
code  that  checks  for  more  than 
400  versions  of  security  software 
from  more  than  35  vendors. They 
embed  the  code,  a  software 
development  kit  (SDK),  into  their 
network-access  control  products 
(see  list,  below). 

This  has  made  OPSWAT  (which 
informally  stands  for  Omni- 
Platform  Security  with  Access 
Technologies),  a  security  vendor 
to  security  vendors,  supporting 
methods  of  network-access  con¬ 
trol  ranging  from  Microsoft’s 
Network  Access  Protection  to 
Ciscos  Network  Admission 
Control. 

The  anti-virus  answer 

“What  is  anti-virus,  is  the  ques¬ 
tion  (says  Czarny  a  34-year-old 
computer  science  graduate  of 


OPSWAT  inside 

Products  that  include 
OPSWAT  technology. 

•  Cisco's  Clean  Access  NAC  Appliance 

•  Endforce  -  Endforcc  Enterprise 

•  F5  Networks  FirePass  SSL  VPN 

•  IPDiva  SSL  VPN 

•  iPass  GoRemote 

•  Impulse  SafeConnect  Security 
Assistant 

•  Juniper  Networks  SSL  VPN  security 
appliances 

•  Lockdown  Networks  Network  Access 
Control 

» Looking  Glass  Systems  LG  Vision 

®  Serenti  Smart  Home  Networking 
service 

•  Symantec  Whole  Security  Confident 
Online 

Note:  40  other  undisclosed  vendors  use  the  Oesis 
orVPNGuard  software  development  kits  in  their 
products. 

tMitasking 

What  OPSWAT  SDKs 
can  do: 

•  Identify  400  versions  of  anti-virus, 
anti-spyware,  VPN,  anti-spam  and 
anti-phishing  software  from  35 
security  vendors. 

•  Enforce  patch  updates. 

•  Monitor  programs  running  on 
endpoints  before  granting  network 
access. 


Israel’s  Technion,  Israeli  Institute 
of  Technology,  who  confesses  to 
being  a  “bit  nerdy”in  his  fascina¬ 
tion  with  software  code,  which  he 
started  programming  when  he 
was  1 1  years  old. “Anti-virus  is 
configuring  a  system  to  scan 
and  update.” 

Every  anti-virus  vendor,  Czarny 
says,  accomplishes  this  a  differ¬ 
ent  way  —  sometimes  even  dif¬ 
ferently  in  separate  versions  of 
the  same  product. 

The  API  is  supposed  to  be  the 
direct  path  into  how  products 
work, so  OPSWAT  licenses  every 
virus  package  it  can  find  and 
seeks  business  relationships  with 
as  many  vendors  as  it  can  to 
obtain  the  APIs. 

But  that  approach  doesn’t 
always  work. 

“Sometimes  vendors  are  open, 
sometimes  they  hide  things,” 
Czarny  says.  And  he  adds  about 
the  much-desired  APIs:“Some- 
times  they  just  don’t  have  them.” 

When  OPSWAT  meets  those 
kinds  of  barriers,  its  software 
engineers  in  the  United  States 
and  Israel  have  to  dive  into  the 
security  code  using  their  own 
methods  to  be  able  to  add  the 
anti-virus  software  to  the 
OPSWAT  framework,  which  is 
basically  an  API  for  all  other 
APIs. 

Part  of  OPSWAT’s  mission  is  to 
uncover  new  anti-virus  and  anti¬ 
spyware  companies.  While 
McAfee,  Symantec  and  Trend 
Micro  have  practically  become 
household  names  in  the  United 
States,  there  are  younger  firms  — 
such  as  Beijing  Rising  Technol¬ 
ogy  KingSoft  and  Jiangmin  in 
China,  and  Micro  World  in  India 
—  that  OPSWAT  also  works  with. 

“The  reason  we’re  contacting 
them  is  we  have  prospective  cus¬ 
tomers  based  in  East  Asia  that 
says  these  companies  are  impor¬ 
tant  to  our  market, and  we  expect 
you  to  support  them,”  says  Tom 
Mullen,  OPSWAT’s  vice  president 
of  business  development. 

Getting  through  the  language 
barrier  is  a  struggle,  because  the 
OPSWAT  engineers  don’t  speak 
Mandarin  or  other  Asian  lan¬ 
guages,  but  sometimes  OPSWAT’s 
large  global  customers  help  with 
translation,  Mullen  says. 

Several  of  OPSWAT’s  vendor 
clients,  including  Cisco,  Lock- 
down  Networks  and  Juniper, 
demur  at  discussing  the  develop¬ 
er’s  role  in  their  products.  But  F5 
gave  credit  where  it  is  due. 

A  year  ago  F5  embedded 


OPSWAT  software  in  its  FirePass 
SSL  VPN  gateway  and  client 
software  to  quickly  add  a  secu¬ 
rity-check  function  that  cus¬ 
tomers  wanted. 

“In  an  access  scenario,  a  user 
would  log  on  and  perhaps  pro¬ 
vide  credentials,  perhaps  just  a 
simple  password,”  for  authentica¬ 
tion,  says  Hari  Krisnan,  product 
manager  at  F5.“Now,  before 
allowing  access,  FirePass  can 
check  the  integrity  of  the  client 
device  for  use  of  anti-virus  soft¬ 
ware,  for  the  latest  signature  files 
or  just  make  sure  patches  are 
installed.” 

If  FirePass  determines  a  client 
machine  doesn’t  meet  security 
policy  that  machine  can  be  quar¬ 
antined  on  a  network  for  remedi¬ 
ation  purposes.  (OPSWAT  notes 
that  its  code  is  limited  to  the 
health  check,  and  doesn’t  play  a 
role  in  quarantine  or  actual 
remediation). 

F5  turned  to  OPSWAT  for  help 
on  the  health-check  portion  of 
network-access  control  because 
“there  are  so  many  versions  and 
vendors  of  anti-virus  products  to 
be  supported,  and  a  wide  range 
of  firewalls,”  Krisnan  says. 

Without  OPSWAT,  the  software- 
development  process  would 
have  been  long  and  tedious.  By 
licensing  the  code,  which  can 
check  a  desktop  using  a  Java  or 
ActiveX  applet,  F5  was  able  to 
comprehensively  add  health- 
check  functionality,  he  says. 

OPSWAT  licenses  its  code 
directly  to  only  two  customers: 
California  State  University, 
Fullerton,  and  Microsoft. 

While  Microsoft  wouldn’t  dis¬ 
cuss  what  it’s  doing  with  OPSWAT, 
Sean  Atkinson,  California  State 
Fullerton’s  network  analyst,  says 
the  college  two  years  ago 
licensed  OPSWATs  software  and 
mandated  that  staff  and  faculty 


working  at  home  to  use  the  VPN 
and  to  update  anti-virus  software. 

“We  use  a  Microsoft  server  for 
the  quarantine,”  he  says.“We’re 
saying, ‘we’re  not  allowing  you 
access  to  the  campus  network 
anymore  without  this  [OPSWAT 
software] .” 

The  software  works  by  inform¬ 
ing  users  whether  they  meet  secu¬ 
rity  requirements.  Atkinson  says 
he  knows  OPSWAT  is  small,  but  its 
tech  support  has  been  good,  and 
he  has  volunteered  the  college 
for  beta  tests  of  new  versions. 

Czarny  says  having  Fullerton 
as  a  customer  has  helped  gain 
attention  from  some  larger  ven- 
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dors  as  the  idea  of  policy-based 
access  control  gained  sway  in 
the  industry  a  few  years  ago.  But 
OPSWATs  focus  will  remain  on 
development  work  for  vendors, 
not  users,  he  says. 

For  vendors  embedding  the 
code  into  their  products,  there 
is  risk  that  a  competitor  with 
deep  pockets  could  swoop  in 
and  buy  OPSWAT,  some  ana¬ 
lysts  warn. 

“OPSWAT  is  in  the  right  place 
at  the  right  time,”  says  Gartner 
analyst  John  Pescatore.“But 
there  is  the  risk  that  some  player 
could  grab  it,  and  there  would 
be  a  period  of  time  the  licenses 
are  valid;  that  might  end.” 

Others,  including  Joel  Snyder, 
senior  partner  at  consulting  firm 
Opus  One,  says  such  fears  are 
overblown.  If  OPSWAT  gets  gob¬ 
bled  up,  he  notes,  another  firm 
will  come  along  to  take  on  the 
task  of  pouring  over  endless  num¬ 
bers  of  security  software  products 
to  support  them  in  an  API-based 
framework,  if  the  need  remains. 

Perhaps  so,  F5’s  Krisnan  says,  but 
he  hasn’t  seen  one  yet. 

As  for  Czarny  —  whose  hobbies 
include  running  the  New  York 
marathon  —  he  says  he’s  in 
OPSWAT  for  the  long  run  and  has 
no  plans  to  sell  out.B 
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Security  event 

Application  and  content  security  means  more  than  a  password  and  a  firewall.  It  requires 
layered  protection,  perpetual  scanning  of  all  Web,  SMTP  IM  and  FTP  traffic,  total 
defense  in  depth  —  the  topics  of  Application  &  Content  Security:  Building  a  Defensible 
Network,  the  new  Network  World  LIVE  Technology  Tour  event  for  May.  Register  now  and 
qualify  to  attend  free,  www.nwdocfinder.com/3421 
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BAGKSPIN 


Mark  Gibbs 


I  ang  on!  I’ve  been  in 
this  meeting  before!  I 
I  have!  It’s  the  same 
group  of  people,  we’re  just 
weeks  away  from  launch 
and  these  looneys  want  to  change  everything! 

Why  do  they  always  want  to  improve  things  when  we’re 
about  to  go  live?  They’re  nuts!  The  marketing  guys  want 
these  bizarre  new  features,  while  the  developers  want  to 
change  the  underlying  architecture,  and  somehow  no 
one  seems  to  see  the  obvious  —  that  they’re  turning 
something  that  might  just  work  into  something  that  prob¬ 
ably  won’t  work. Sigh. 

But  how  could  this  meeting  be  so  similar  to  pretty 
much  every  meeting  in  every  company  I  have  ever 
worked  for?  Sure,  the  participants  look  a  bit  different 
each  time  —  some  older,  some  new  faces,  a  different  con¬ 
ference  room,  doughnuts  instead  of  bagels,  non-dairy 
creamer  instead  of  real  milk,  excitement  in  the  air 
instead  of  desperation  —  but  the  core  of  the  meeting  is 
almost  the  same  as  the  last  one. 

But  wait.  Maybe  that’s  it.  Each  subsequent  meeting  is  a 
little  different  (or  weirder,  depending  on  how  you  think 
about  it)  from  the  preceding  one,  and  they  get  more  dif¬ 
ferent  the  further  apart  they  are. 

Now,  I’ve  read  there’s  a  theory  of  parallel  universes  that 
goes  like  this:  If  we  assume  that  totality  —  life,  the  uni¬ 
verse  and  everything  —  is  infinite  (and  given  what  we 


The  theory  of  alternate  meetings 
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know.it  would  seem  to  be  a  good  assumption),  then 
there  is  a  100%  certainty  that  every  permutation  of  every¬ 
thing  possible  exists.  One  of  the  favorite  “multiverse” 
ideas,  the  Open  Multiverse  model,  is  described 
(www.nwdocfinder.com/2942)  as  “a  generic  prediction  of 
cosmic  inflation  [which]  is  an  infinite  ergodic  universe, 
which,  being  infinite,  must  contain  Hubble  volumes  real¬ 
izing  all  initial  conditions  —  including  an  identical  copy 
of  you  about  10A{10A{29}}  meters  away’ 

So  here’s  my  thinking:  What  if,  without  knowing  it  we 
slip  from  one  universe  to  another  and  therefore  in 
and  out  of  the  same  meetings  shifted  in  time  and 
space,  which  is  why  they  all  seem  more  or  less  the 
same? 

And  what  if,  as  we  slip  from  one  to  the  other,  we  get 
farther  away  from  where  we  started,  and  maybe  the  con¬ 
ditions  of  the  meetings  slowly  get  less  probable  com¬ 
pared  with  those  in  the  universe  we  started  from?  That 
explains  it!  That’s  why  the  meetings  seem  similar  but 
also  keep  getting  weirder! 

That  might  also  explain  why  for  example,  Windows  gets 
progressively  more  complex  and  why  Java  is  such  a 
mess.These  are  things  that  shouldn’t  get  more  chaotic, 
but  despite  all  logic  do. 

Hmmm.  But  how  do  we  account  for  Linux,  Perl,  Python 
or  Ruby?  I  guess  those  things  came  from  alternate  uni¬ 
verses  that  I  didn’t  start  from.  If  those  universes  are  closer 
to  this  universe  than  mine  is  (or  should  that  be  “was”?), 


then  they  are  newer  and  less  cluttered. 

That’s  interesting,  because  if  the  developers  on  the 
other  side  of  the  table  are  really  a  long  way  from  the 
universe  where  they  started.it  would  explain  why  they 
seem  so  alien.  I  swear  I  wouldn’t  be  surprised  to  find 
that  they’re  all  wearing  latex  face  masks  to  hide  their 
stalked  eyes. 

And  all  the  marketing  guys  ...  I  know!  They  are  pod 
people  from  some  weird,  alternate  universe  a  really  huge 
distance  away  Wow.  No  wonder  things  seem  so  strange 
around  them. 

So  if  I  can  get  back  to  my  own  universe,  everything 
should  make  a  lot  more  sense!  All  I  have  to  do  is  figure 
out  which  meeting  to  go  to.  Perhaps  it  is  the  meetings  in 
young  companies  that  take  you  away  from  the  reality 
you  started  in,  because  the  gods  know  they  are  the 
weirdest  ones. 

So  to  get  back  to  where  I  started,  I  need  get  into  meet¬ 
ings  that  are  in  older  organizations.  I  know!  I  need  to  join 
a  really  old  government  department  and  get  involved  in 
the  oldest  committees  I  can  find.  Oh  hell,  if  I  do  that,  then 
where  would  the  fun  be? 

OK,  back  to  battle.  Are  you  guys  from  another  uni¬ 
verse?  If  you  change  the  UI  at  this  late  date  we’re  risk¬ 
ing  everything  . . . 

Join  the  blogoverse  at  Gibbs  blog  or  send  your  reality  over 
to  backspin@gibbs.com. 
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Net  Buzz 

continued  from  page  1 

It  wasn’t  that  long  ago  that  a  laptop  with  an  80GB  hard 
drive  seemed  crazy  too.  But  ever- more-monstrous 
drives  are  common  today,  and  they  serve  as  the  founda¬ 
tion  on  which  Webaroo  is  basing  its  free,  ad-supported  search  service.The  company 
and  service  emerge  from  stealth  today,  armed  with  a  flashy  bundling  agreement  from 
laptop  maker  Acer. 

“It’s  not  inconceivable  that  a  couple  of  years  from  now  laptops  are  going  to  have  400 
or  500GB  drives  in  them,"  says  Husick,  who  co-founded  Webaroo  in  2004  with  CEO 
Rakesh  Mathur  and  CTO  Beerud  Sheth.  "What  if  you  could  take  that  space,  and  it 
would  be  enough  to  carry  the  Internet  with  you?  If  you  think  about  searching  the  Web 
without  being  tied  to  a  connection  of  some  kind  —  and  then  periodically  connecting  to 
get  refreshed  —  that  was  the  kernel  of  our  idea.  How  do  you  put  the  Web  on  a  hard 
drive?  . .  .That's  why  it  was  so  crazy.” 

The  first  thing  to  acknowledge  is  that  the  phrase  “put  the  Web  on  a  hard  drive"  is  not 
to  be  taken  literally.  As  Husick  explains:  “Let’s  say  the  HTML  Web  is  10  billion  pages  — 
it’s  actually  a  little  less  than  that —  but  at  10K  per  page  that's  1  million  gigabytes,  also 
known  as  a  petabyte.  It’s  going  to  be  a  long  time  before  notebooks  have  million- 
gigabyte  hard  drives.  So  how  do  you  get  a  million  gigabytes  down  to  what  you  need?" 

Webaroo  does  it,  he  says,  through  “a  server  farm  that  is  of  Web  scale"  and  a  set  of 
proprietary  search  algorithms  that  whittle  the  million  gigabytes  down  to  manageable 
chunks  that  will  fit  on  a  hard  drive:  up  to  256MB  for  a  growing  menu  of  Web  packs  on 
specific  topics  —  favorite  Web  sites,  city  guides,  news  summaries,  Wikipedia  and 
the  like  —  that  make  up  the  service's  initial  offerings;  and  something  in  the  neigh¬ 
borhood  of  40GB  for  the  full-Web  version  set  for  release  later  this  year. 

"We’ve  developed  these  algorithms  that  give  you  a  set  of  meaningful,  relevant  results 
for  anything  on  which  you  search,"  Husick  says.  “In  effect,  we  give  you  the  first  couple 
pages  of  results." 

That’s  all  you  really  need,  the  company  says,  because  studies  show  that  most  people 


rarely  look  beyond  the  first  10  to  20  results  returned  by  a  typical  search.  Webaroo 
returns  not  just  a  list  of  pages  but  the  pages  themselves  —  with  all  graphics  intact  — 
as  well  as  key  live  links  from  those  pages  and  the  pages  to  which  they  lead.They’re 
talking  roughly  10,000  pages  per  Web  pack,  or  plenty  to  provide  a  meaningful  search 
experience  for  whatever  is  the  subject  matter  at  hand,  Husick  says. 

Users  must  download  and  install  5MB  of  Webaroo  software  to  get  started  and  then 
sync  up  with  the  Webaroo  service  site  to  refresh  the  content  in  their  topic-specific 
packs  or  later  this  year,  the  full-Web  version.  Husick  says  these  updates  take  only 
minutes,  but  I’m  already  seeing  corporate  network  managers  wincing  at  the  notion  of 
this  application  sweeping  the  workplace. 

All  in  all,  though,  there’s  no  denying  the  wow  factor  here. 

"It's  kind  of  surprising  that  nobody  else  has  done  something  like  this,"  says  Rob 
Enderle,  president  of  the  Enderle  Analyst  Group.  “It's  one  of  those  things  that  a  lot 
of  folks  will  download.” 

Enderle  believes  the  service  could  be  a  big  hit  among  those  whose  jobs  regularly  take 
them  away  from  their  'Net  connections  —  frequent  fliers,  for  example.  "It's  going  to  be 
a  while  before  hot  spots  are  in  all  the  places  we  need  to  have  them,"  he  says. 

Which  isn’t  to  say  that  ever-more-ubiquitous  'Net  connections  won’t  pose  a  challenge 
to  the  Webaroo  business  model. 

“Long  term,  their  opportunity  may  have  more  to  do  with  [search]  performance"  than 
the  offline  capability  itself,  Enderle  says. 

Husick  tells  me  that  notion  was  reinforced  by  a  rousing  reception  the  service 
received  from  Japanese  mobile  operators,  who  he  says  were  salivating  overWebaroo 
as  a  means  to  siphon  search  traffic  away  from  their  wireless  broadband  networks. 

Webaroo  also  is  touting  the  potential  cost  savings  and  convenience  of  its  service. 

“Every  hotel  I  go  to  wants  to  charge  me  $10  to  $15  a  night  for  Internet.  Every  airport 
wants  to  charge  me  another  $10  to  get  connected,”  Husick  says.  “If  I've  got  five  min¬ 
utes  before  I  have  to  board  my  flight,  do  I  want  to  spend  that  five  minutes  connecting 
or  do  I  want  to  spend  five  minutes  getting  my  search  answer?” 

You  still  need  a  'Net  connection  to  send  me  e-mail.  The  address  is  buz.z@nu-u.  co::: 
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.INFRASTRUCTURE  LOG 


_DAY  35:  Whoa!  Came  in  today  and  found  a  black  hole. 
Information  goes  in  but  doesn’t  come  out.  This  is  bad. 

_DAY  36:  The  black  hole  just  sucked  in  three  interns. 

HR  is  not  pleased. 

_DAY  38:  I’ve  taken  back  control  with  IBM  Information 
Management  middleware.  It’s  built  on  open  standards. 
Totally  scalable.  Seamlessly  unites  all  our  critical 
information,  whatever  its  source.  Now  our  info  has  real 
business  value,  and  we  can  use  it  in  innovative  ways 
to  help  spur  growth. 

_We  got  everything  back  from  the  black  hole.  Except 
the  interns. 
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Information  Management 


See  innovative  IBM  Info  Management  solutions  in  action: 

IBM.COM/TAKEBACKCONTROL/INFOMGMT 
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More  than  50%  faster 


About  1/3  the 
power  consumption 


1/4  the  size 


Two  Single-  or  Dual-Core 
AMD  Opteron"  Processors 


Four 

Gigabit  Ethernet 
ports 


Dual-redundant, 
hot-swappable 
power  supplies 


VGA  video  port 


Less  than 
1/2  the  price 


2.5”  SAS  server- 
grade  HDDs 


The  Sun  Fire™  x64  servers 


OH,  ONE  MORE  REASON  WHY  IT’S  THE  NEW  STANDARD  IN 
X64  INDUSTRY  STANDARD  SERVERS:  IT  STARTS  AT  ONLY  $2,195- 
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SERVER  FACTS: 
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Sun  Fire"  X4100 

Dell  PE6850 

57%  FASTER1 

SPECfp_rate2000:  82.4 

SPECfp_rate2000:  52.5 

1/4  THE  SIZE 

lU 

4U 

ABOUT  1/3  THE 
POWER  CONSUMPTION 

550  watts 

1,470  watts 

CERTIFIED  FOR  THE  TOP  3  OSs 

Solaris,  Linux,  Windows 

Linux,  Windows 

LESS  THAN  1/2  THE  PRICE2 

$2,195 

$4,949 

l  _ _ _ 

...  .  > 

Buy  today  at  sun.com. 
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